Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
archlinuxArchLinuxASA-202105-24
HistoryMay 25, 2021 - 12:00 a.m.

[ASA-202105-24] python-pydantic: denial of service

2021-05-2500:00:00
security.archlinux.org
206
python-pydantic
denial of service
vulnerability

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

54.8%

JSON

Arch Linux Security Advisory ASA-202105-24

Severity: Medium
Date : 2021-05-25
CVE-ID : CVE-2021-29510
Package : python-pydantic
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-1951

Summary

The package python-pydantic before version 1.8.2-1 is vulnerable to
denial of service.

Resolution

Upgrade to 1.8.2-1.

pacman -Syu “python-pydantic>=1.8.2-1”

The problem has been fixed upstream in version 1.8.2.

Workaround

None.

Description

A security issue has been found in pydantic before version 1.8.2.
Passing either ‘infinity’, ‘inf’ or float(‘inf’) (or their negatives)
to datetime or date fields causes validation to run forever with 100%
CPU usage (on one CPU).

Impact

An attacker could cause high CPU usage using invalid datetime or date
fields, leading to denial of service.

References

https://github.com/samuelcolvin/pydantic/security/advisories/GHSA-5jqp-qgf6-3pvh
https://github.com/samuelcolvin/pydantic/commit/1c24f1d74ba95ea985b50bdc001ce96c813229aa
https://security.archlinux.org/CVE-2021-29510

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanypython-pydantic< 1.8.2-1UNKNOWN

Related

prion 1
openvas 6
ubuntu 1
cve 1
nvd 1
osv 4
fedora 5
veracode 1
debiancve 1
nessus 1
cvelist 1
ubuntucve 1
github 1
prion
prion
Design/Logic Flaw
2021-05-13 19:15:00
openvas
openvas
Ubuntu: Security Advisory (USN-6553-1)
2023-12-13 00:00:00
Fedora: Security Advisory for python-databases (FEDORA-2021-e7fabd81fb)
2021-05-27 00:00:00
Fedora: Security Advisory for python-fastapi (FEDORA-2021-e7fabd81fb)
2021-05-27 00:00:00
ubuntu
ubuntu
Pydantic vulnerability
2023-12-12 00:00:00
cve
cve
CVE-2021-29510
2021-05-13 19:15:08
nvd
nvd
CVE-2021-29510
2021-05-13 19:15:08
osv
osv
Use of "infinity" as an input to datetime and date fields causes infinite loop in pydantic
2021-05-13 20:23:17
CVE-2021-29510
2021-05-13 19:15:08
pydantic vulnerability
2023-12-12 17:47:24
fedora
fedora
[SECURITY] Fedora 34 Update: python-starlette-0.14.2-6.fc34
2021-05-23 01:07:39
[SECURITY] Fedora 34 Update: python-pydantic-1.7.4-1.fc34
2021-05-21 03:23:39
[SECURITY] Fedora 34 Update: python-databases-0.4.3-2.fc34
2021-05-23 01:07:39
veracode
veracode
Denial Of Service (DoS)
2021-05-14 04:33:50
debiancve
debiancve
CVE-2021-29510
2021-05-13 19:15:08
nessus
nessus
Ubuntu 20.04 ESM : Pydantic vulnerability (USN-6553-1)
2023-12-12 00:00:00
cvelist
cvelist
CVE-2021-29510 Use of "infinity" as an input to datetime and date fields causes infinite loop in pydantic
2021-05-13 18:55:11
ubuntucve
ubuntucve
CVE-2021-29510
2021-05-13 00:00:00
github
github
Use of "infinity" as an input to datetime and date fields causes infinite loop in pydantic
2021-05-13 20:23:17

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

54.8%

JSON
Related for ASA-202105-24
prion1openvas6ubuntu1cve1nvd1osv4fedora5veracode1debiancve1nessus1cvelist1ubuntucve1github1