Lucene search
RedhatCVE-2023-5625HistoryNov 01, 2023 - 2:15 p.m.
CVE-2023-5625
2023-11-0114:15:38
CWE-400
redhat
web.nvd.nist.gov
120
red hat
python
eventlet
regression
cve-2023-5625
security vulnerability
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
5.7
Confidence
High
EPSS
0.001
Percentile
47.2%
A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products.
Affected configurations
Node
redhatopenshift_container_platform_for_arm64Match4.12
ORredhatopenshift_container_platform_for_linuxoneMatch4.12
ORredhatopenshift_container_platform_for_powerMatch4.12
ORredhatopenshift_container_platform_ibm_z_systemsMatch4.12
redhatenterprise_linuxMatch8.0
ORredhatenterprise_linuxMatch9.0
Node
redhatopenstack_platformMatch17.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | openshift_container_platform_for_arm64 | 4.12 | cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.12:*:*:*:*:*:*:* |
| redhat | openshift_container_platform_for_linuxone | 4.12 | cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.12:*:*:*:*:*:*:* |
| redhat | openshift_container_platform_for_power | 4.12 | cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:*:*:*:*:*:*:* |
| redhat | openshift_container_platform_ibm_z_systems | 4.12 | cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.12:*:*:*:*:*:*:* |
| redhat | enterprise_linux | 8.0 | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux | 9.0 | cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* |
| redhat | openstack_platform | 17.1 | cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Red Hat",
"product": "Ironic content for Red Hat OpenShift Container Platform 4.12",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "python-eventlet",
"defaultStatus": "affected",
"versions": [
{
"version": "0:0.30.2-4.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift:4.12::el9",
"cpe:/a:redhat:openshift:4.12::el8",
"cpe:/a:redhat:openshift_ironic:4.12::el9"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 17.1 for RHEL 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "python-eventlet",
"defaultStatus": "affected",
"versions": [
{
"version": "0:0.30.2-4.el8ost",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openstack:17.1::el8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "python-eventlet",
"defaultStatus": "affected",
"versions": [
{
"version": "0:0.30.2-4.el9ost",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openstack:17.1::el9"
]
}
]Related
redhat
redhat
nvd
nvd
CVE-2023-5625
2023-11-01 14:15:38
CVE-2021-21419
2021-05-07 15:15:07
prion
prion
Design/Logic Flaw
2023-11-01 14:15:00
Code injection
2021-05-07 15:15:00
vulnrichment
vulnrichment
cvelist
cvelist
redhatcve
redhatcve
CVE-2023-5625
2023-10-19 21:27:27
CVE-2021-21419
2021-05-11 20:54:43
debiancve
debiancve
CVE-2023-5625
2023-11-01 14:15:38
CVE-2021-21419
2021-05-07 15:15:07
nessus
nessus
RHEL 9 : Red Hat OpenStack Platform 17.1 (python-eventlet) (RHSA-2024:0213)
2024-01-16 00:00:00
RHEL 9 : OpenShift Container Platform 4.12.41 (RHSA-2023:6128)
2024-04-28 00:00:00
RHEL 8 : Red Hat OpenStack Platform 17.1 (python-eventlet) (RHSA-2024:0188)
2024-04-28 00:00:00
ubuntucve
ubuntucve
CVE-2023-5625
2023-11-01 00:00:00
CVE-2021-21419
2021-05-07 00:00:00
redos
redos
ROS-20240409-13
2024-04-09 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: python-eventlet-0.31.0-1.fc34
2021-05-25 01:09:52
[SECURITY] Fedora 33 Update: python-eventlet-0.31.0-1.fc33
2021-05-25 01:10:23
osv
osv
PYSEC-2021-12
2021-05-07 15:15:00
Improper Handling of Highly Compressed Data (Data Amplification) and Memory Allocation with Excessive Size Value in eventlet
2021-05-07 15:50:36
python-eventlet vulnerability
2021-05-17 13:32:42
veracode
veracode
Denial Of Service (DoS)
2021-05-10 02:49:48
github
github
mageia
mageia
Updated python-eventlet packages fix security vulnerability
2021-06-18 22:24:28
openvas
openvas
Fedora: Security Advisory for python-eventlet (FEDORA-2021-9fde3d7ab1)
2021-05-27 00:00:00
Mageia: Security Advisory (MGASA-2021-0266)
2022-01-28 00:00:00
Fedora: Security Advisory for python-eventlet (FEDORA-2021-d5915c247b)
2021-05-27 00:00:00
cve
cve
CVE-2021-21419
2021-05-07 15:15:07
ubuntu
ubuntu
Eventlet vulnerability
2021-05-17 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
5.7
Confidence
High
EPSS
0.001
Percentile
47.2%
Related for CVE-2023-5625