Lucene search
RedhatCVE-2012-3443HistoryJul 31, 2012 - 5:55 p.m.
CVE-2012-3443
2012-07-3117:55:04
CWE-20
redhat
web.nvd.nist.gov
62
cve-2012-3443
django
forms
imagefield
security
vulnerability
denial of service
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
6.2
Confidence
Low
EPSS
0.021
Percentile
89.1%
The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file.
Affected configurations
Node
djangoprojectdjangoRangeβ€1.3
ORdjangoprojectdjangoMatch0.95
ORdjangoprojectdjangoMatch0.96
ORdjangoprojectdjangoMatch1.0
ORdjangoprojectdjangoMatch1.0alpha1
ORdjangoprojectdjangoMatch1.0alpha2
ORdjangoprojectdjangoMatch1.0beta
ORdjangoprojectdjangoMatch1.0beta2
ORdjangoprojectdjangoMatch1.0.1
ORdjangoprojectdjangoMatch1.0.2
ORdjangoprojectdjangoMatch1.1
ORdjangoprojectdjangoMatch1.1alpha1
ORdjangoprojectdjangoMatch1.1beta1
ORdjangoprojectdjangoMatch1.1rc1
ORdjangoprojectdjangoMatch1.1.2
ORdjangoprojectdjangoMatch1.1.3
ORdjangoprojectdjangoMatch1.1.4
ORdjangoprojectdjangoMatch1.2
ORdjangoprojectdjangoMatch1.2beta1
ORdjangoprojectdjangoMatch1.2rc1
ORdjangoprojectdjangoMatch1.2-alpha1
ORdjangoprojectdjangoMatch1.2.2
ORdjangoprojectdjangoMatch1.2.4
ORdjangoprojectdjangoMatch1.2.5
ORdjangoprojectdjangoMatch1.2.6
ORdjangoprojectdjangoMatch1.2.7
ORdjangoprojectdjangoMatch1.3alpha1
ORdjangoprojectdjangoMatch1.3beta1
ORdjangoprojectdjangoMatch1.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| djangoproject | django | * | cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:* |
| djangoproject | django | 0.95 | cpe:2.3:a:djangoproject:django:0.95:*:*:*:*:*:*:* |
| djangoproject | django | 0.96 | cpe:2.3:a:djangoproject:django:0.96:*:*:*:*:*:*:* |
| djangoproject | django | 1.0 | cpe:2.3:a:djangoproject:django:1.0:*:*:*:*:*:*:* |
| djangoproject | django | 1.0 | cpe:2.3:a:djangoproject:django:1.0:alpha1:*:*:*:*:*:* |
| djangoproject | django | 1.0 | cpe:2.3:a:djangoproject:django:1.0:alpha2:*:*:*:*:*:* |
| djangoproject | django | 1.0 | cpe:2.3:a:djangoproject:django:1.0:beta:*:*:*:*:*:* |
| djangoproject | django | 1.0 | cpe:2.3:a:djangoproject:django:1.0:beta2:*:*:*:*:*:* |
| djangoproject | django | 1.0.1 | cpe:2.3:a:djangoproject:django:1.0.1:*:*:*:*:*:*:* |
| djangoproject | django | 1.0.2 | cpe:2.3:a:djangoproject:django:1.0.2:*:*:*:*:*:*:* |
Related
osv
osv
PYSEC-2012-3
2012-07-31 17:55:00
Django Image Field Vulnerable to Image Decompression Bombs
2022-05-17 05:12:01
python-django - several
2012-08-14 00:00:00
cvelist
cvelist
CVE-2012-3443
2012-07-31 17:00:00
ubuntucve
ubuntucve
CVE-2012-3443
2012-07-31 00:00:00
github
github
Django Image Field Vulnerable to Image Decompression Bombs
2022-05-17 05:12:01
debiancve
debiancve
CVE-2012-3443
2012-07-31 17:55:04
prion
prion
Design/Logic Flaw
2012-07-31 17:55:00
nvd
nvd
CVE-2012-3443
2012-07-31 17:55:04
gitlab
gitlab
Improper Input Validation
2022-05-17 00:00:00
nessus
nessus
Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : python-django vulnerabilities (USN-1560-1)
2012-09-11 00:00:00
FreeBSD : django -- multiple vulnerabilities (f01292a0-db3c-11e1-a84b-00e0814cab4e)
2012-08-01 00:00:00
Fedora 16 : Django-1.3.2-1.fc16 (2012-11416)
2012-08-13 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: Django-1.4.1-1.fc17
2012-08-10 22:27:19
[SECURITY] Fedora 17 Update: Django-1.4.3-1.fc17
2012-12-20 03:20:48
[SECURITY] Fedora 16 Update: Django-1.3.2-1.fc16
2012-08-10 22:34:03
seebug
seebug
Djangoθ·¨η«θζ¬ζ§θ‘εδΈ€δΈͺζη»ζε‘ζΌζ΄
2012-08-03 00:00:00
ubuntu
ubuntu
Django vulnerabilities
2012-09-10 00:00:00
openvas
openvas
Fedora Update for Django FEDORA-2012-20224
2012-12-26 00:00:00
FreeBSD Ports: py26-django, py27-django
2012-08-10 00:00:00
freebsd
freebsd
django -- multiple vulnerabilities
2012-07-30 00:00:00
debian
debian
[SECURITY] [DSA 2529-1] python-django security update
2012-08-14 20:05:21
securityvulns
securityvulns
[ MDVSA-2012:143 ] python-django
2012-09-03 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
6.2
Confidence
Low
EPSS
0.021
Percentile
89.1%
Related for CVE-2012-3443