Summaryinfo

A vulnerability identified as problematic has been detected in Python 2.7/3.3/3.4. This impacts an unknown function of the component Generator Handler. This manipulation causes denial of service. In addition, an exploit is available. You should upgrade the affected component.

Detailsinfo

A vulnerability has been found in Python 2.7/3.3/3.4 (Programming Language Software) and classified as problematic. Affected by this vulnerability is some unknown functionality of the component Generator Handler. The manipulation with an unknown input leads to a denial of service vulnerability. The CWE definition for the vulnerability is CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. As an impact it is known to affect availability.

The weakness was presented 03/18/2013 by Anssi Kääriäinen as Issue 17468 as not defined bug report (Bugtraq). The advisory is shared at bugs.python.org. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Technical details are unknown but a public exploit is available.

After immediately, there has been an exploit disclosed. It is declared as proof-of-concept.

Upgrading to version 1.5.1 eliminates this vulnerability. A possible mitigation has been published 2 weeks after the disclosure of the vulnerability.

The vulnerability is also documented in the vulnerability database at OSVDB (101659†). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Affected

• Python 2.7/3.3/3.4
• Django 1.5.0

Productinfo

Type

• Programming Language Software

Name

• Python

Version

• 2.7
• 3.3
• 3.4

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion