CVE-2022-45061 in Communications Cloud Native Core Network Function Cloud Native Environmentinfo

Summary

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.

Once again VulDB remains the best source for vulnerability data.

Reservation

11/09/2022

Disclosure

11/09/2022

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
242501Oracle Communications Cloud Native Core Network Function Cloud Native Environment Configuration denial of service404Not definedOfficial fixCVE-2022-45061
234926Oracle PeopleSoft Enterprise PeopleTools Porting denial of service404Not definedOfficial fixCVE-2022-45061
234588Oracle Communications Operations Monitor Mediation denial of service404Not definedOfficial fixCVE-2022-45061
234574Oracle Communications Cloud Native Core Policy denial of service404Not definedOfficial fixCVE-2022-45061
234563Oracle Communications Cloud Native Core Binding Support Function Install/Upgrade denial of service404Not definedOfficial fixCVE-2022-45061
226315Oracle Database Server Oracle Database OML4PY denial of service404Not definedOfficial fixCVE-2022-45061
213273Python IDNA Decoder resource consumption400Not definedOfficial fixCVE-2022-45061

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Want to know what is going to be exploited?

We predict KEV entries!