GHSA-3fhq-72hw-jqwv

Source
https://github.com/advisories/GHSA-3fhq-72hw-jqwv
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-3fhq-72hw-jqwv/GHSA-3fhq-72hw-jqwv.json
Aliases
Published
2022-10-01T00:00:21Z
Modified
2023-11-08T04:09:40.519545Z
Details

rdiffweb prior to 2.5.0a3 is vulnerable to Allocation of Resources Without Limits or Throttling. The length of the Token name parameter is not limited, which can result in denial of service or memory corruption. Version 2.5.0a3 fixes this issue.

References

Affected packages

PyPI / rdiffweb

Package

Name
rdiffweb

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
2.5.0a3

Affected versions

0.*

0.9.2.dev1
0.9.3
0.9.4
0.9.5
0.10.0
0.10.2
0.10.3
0.10.4
0.10.5
0.10.6
0.10.7
0.10.8
0.10.9

1.*

1.0.0a1
1.0.0a2
1.0.0a3
1.0.0a4
1.0.0
1.0.1
1.0.2
1.0.3
1.1.0
1.2.0
1.2.1
1.2.2
1.3.0
1.3.1b1
1.3.1b2
1.3.1
1.3.2
1.4.0b1
1.4.0b2
1.4.0b3
1.4.0b4
1.4.0b5
1.4.0
1.4.1b1
1.4.1b2
1.4.1b3
1.5.0
1.5.1b1
1.5.1b2
1.6.0b1

2.*

2.0.1b2
2.0.1b3
2.0.2
2.0.3a1
2.0.3a2
2.0.3a3
2.0.3a4
2.0.3a5
2.0.3a6
2.0.3a7
2.1.0
2.2.0.dev1
2.2.0a1
2.2.0a2
2.2.0a3
2.2.0a4
2.2.0a5
2.2.0a6
2.2.0
2.2.1
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.4.8
2.4.9
2.4.10
2.4.11a1
2.4.11