Veracode Vulnerability DatabaseVERACODE:46421Denial Of Service (DoS)
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
AI Score
Confidence
High
EPSS
Percentile
13.0%
eventlet and dnspython are vulnerable to Denial Of Service (DoS). The vulnerability is due to a lack of enforcing the preferred behavior of waiting for a valid packet during DNS name resolution, allowing remote attackers to interfere with the resolution process by quickly sending an invalid packet from the expected IP address and source port.
References
github.com/advisories/GHSA-3rq5-2g8h-59hc
github.com/eventlet/eventlet/commit/51e3c4928d4938beb576eff34f3bf97e6e64e6b4
github.com/eventlet/eventlet/issues/913
github.com/eventlet/eventlet/releases/tag/v0.35.2
github.com/rthalley/dnspython/commit/0ea5ad0a4583e1f519b9bcc67cfac381230d9cf2
github.com/rthalley/dnspython/issues/1045
github.com/rthalley/dnspython/releases/tag/v2.6.0
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRKR57IFVKQC2GCXZBFLCLBAWBWL3F6/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOHJOO3OM65UIUUUVDEXMCTXNM6LXZEH/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3BNSIK5NFYSAP53Y45GOCMOQHHDLGIF/
security.netapp.com/advisory/ntap-20240510-0001/
www.dnspython.org/
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
AI Score
Confidence
High
EPSS
Percentile
13.0%