Lucene search
UbuntuUSN-5833-1HistoryJan 31, 2023 - 12:00 a.m.
python-future vulnerability
2023-01-3100:00:00
ubuntu.com
36
python-future
ubuntu
http header
denial of service
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.7
Confidence
High
EPSS
0.005
Percentile
76.7%
Releases
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
Packages
- python-future - Clean single-source support for Python 3 and 2
Details
Sebastian Chnelik discovered that python-future incorrectly handled
certain HTTP header field. An attacker could possibly use this issue
to cause a denial of service.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 22.10 | noarch | python3-future | < 0.18.2-6ubuntu0.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | python-future-doc | < 0.18.2-6ubuntu0.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | python3-future | < 0.18.2-5ubuntu0.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | python-future-doc | < 0.18.2-5ubuntu0.1 | UNKNOWN |
| Ubuntu | 20.04 | noarch | python3-future | < 0.18.2-2ubuntu0.1 | UNKNOWN |
| Ubuntu | 20.04 | noarch | python-future-doc | < 0.18.2-2ubuntu0.1 | UNKNOWN |
| Ubuntu | 18.04 | noarch | python3-future | < 0.15.2-4ubuntu2.1 | UNKNOWN |
| Ubuntu | 18.04 | noarch | python-future | < 0.15.2-4ubuntu2.1 | UNKNOWN |
| Ubuntu | 18.04 | noarch | python-future-doc | < 0.15.2-4ubuntu2.1 | UNKNOWN |
| Ubuntu | 16.04 | noarch | python3-future | < 0.15.2-1ubuntu0.1~esm1 | UNKNOWN |
References
Related
prion
prion
Code injection
2022-12-23 00:15:00
redos
redos
ROS-20230428-01
2023-04-28 00:00:00
redhatcve
redhatcve
CVE-2022-40899
2023-01-31 10:35:44
openvas
openvas
openSUSE: Security Advisory for python (SUSE-SU-2023:0079-1)
2024-03-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:0078-1)
2023-01-12 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:0076-1)
2023-01-12 00:00:00
ubuntucve
ubuntucve
CVE-2022-40899
2022-12-23 00:00:00
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Python Charmers Future (CVE-2022-40899)
2023-03-31 17:20:29
Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities
2023-06-20 04:41:00
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
2023-07-03 18:48:48
cvelist
cvelist
CVE-2022-40899
2022-12-22 00:00:00
debiancve
debiancve
CVE-2022-40899
2022-12-23 00:15:14
nessus
nessus
RHEL 7 : future (Unpatched Vulnerability)
2024-06-03 00:00:00
SUSE SLES12 Security Update : python-future (SUSE-SU-2023:0078-1)
2023-01-13 00:00:00
SUSE SLES12 Security Update : python3 (SUSE-SU-2023:0076-1)
2023-01-13 00:00:00
osv
osv
CVE-2022-40899
2022-12-23 00:15:14
Python Charmers Future denial of service vulnerability
2022-12-23 00:30:23
PYSEC-2022-42991
2022-12-23 00:15:00
cve
cve
CVE-2022-40899
2022-12-23 00:15:14
mageia
mageia
Updated python-future packages fix security vulnerability
2023-02-07 03:06:39
github
github
Python Charmers Future denial of service vulnerability
2022-12-23 00:30:23
nvd
nvd
CVE-2022-40899
2022-12-23 00:15:14
redhat
redhat
rocky
rocky
Satellite 6.14 security and bug fix update
2023-11-11 22:58:57
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.7
Confidence
High
EPSS
0.005
Percentile
76.7%
Related for USN-5833-1