Lucene search

K

Veracode Vulnerability DatabaseVERACODE:43609

HistoryOct 09, 2023 - 1:43 a.m.

Denial Of Service (DoS)

2023-10-0901:43:02

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

16

python2.7

vulnerability

dos attack

heappushpop

library

crash

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

44.5%

python2.7 is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the use after free in the library, allowing an attacker to cause an application crash through the heappushpop in heapq.

References

bugs.python.org/issue39421

lists.debian.org/debian-lts-announce/2023/09/msg00022.html

lists.debian.org/debian-lts-announce/2023/10/msg00017.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZ5OOBWNYWXFTZDMCGHJVGDLDTHLWITJ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VO7Y2YZSDK3UYJD2KBGLXRTGNG6T326J/

security-tracker.debian.org/tracker/CVE-2022-48560

security.netapp.com/advisory/ntap-20230929-0008/

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

44.5%

Related for VERACODE:43609

nessus24 fedora2 osv13 openvas17 ubuntucve1 cvelist1 nvd1 debiancve1 ubuntu3 cloudlinux1 f51 ibm6 redhatcve1 cve1 prion1 almalinux2 amazon1 oraclelinux2 redhat11 debian2 photon1 ics1