CVE-2022-45061

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.

References

Affected packages

Git

github.com/python/cpython

Affected ranges

Type: GIT
Repo: https://github.com/python/cpython
Events: Last affected

41cb07120b7792eac6413b0c56256a25e9b14e5d

Introduced

fa919fdf2583bdfead1df00e842f24f30b2a34bf

Last affected

44adf8a80a6e27a394094c99ec0fba8e7124bd7e

Introduced

9cf6752276e6fcfd0c23fdb064ad27f448aaaf75

Last affected

7e2815419663a2f82abf6c5e1f848fd1de7c8033

Last affected

9de83ce9704ba065626f483abf6c21b7b829104e

Introduced

b494f5935c92951e75597bfe1c8b1f3112fec270

Last affected

aaaf5174241496afca7ce4d4584570190ff972fe

Last affected

deaf509e8fc6e0363bd6f26d52ad42f976ec42f2

Last affected

ed7c3ff15680c1939fad468a238a5945dc25c5fd

Affected versions

v3.*

v3.10.0

v3.10.1

v3.10.2

v3.10.3

v3.10.4

v3.10.5

v3.10.6

v3.10.7

v3.10.8

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-45061.json"

github.com/rsyslog/rsyslog

Affected ranges

Type: GIT
Repo: https://github.com/rsyslog/rsyslog
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

8039c08300f8ff05058c2f71299337db062937bf

Affected versions

Other

Branchpoint_Stable_1-0

sysklogd-141-import

v0-9-1

v0-9-3

v0-9-4

v0-9-6

v0-9-7

v0-9-8

v1-10-0

v1-10-1

v1-10-2

v1-11-0

v1-11-1

v1-12-0

v1-12-1

v1-12-2

v1-12-3

v1-13-0

v1-13-1

v1-13-2

v1-13-3

v1-13-4

v1-13-5

v1-14-0

v1-14-1

v1-14-2

v1-15-0

v1-15-1

v1-16-0

v1-17-0

v1-17-1

v1-17-2

v1-17-3

v1-17-4

v1-17-5

v1-17-6

v1-18-0

v1-18-1

v1-18-2

v1-19-0

v1-19-1

v1-19-10

v1-19-2

v1-19-3

v1-19-4

v1-19-5

v1-19-6

v1-19-6b

v1-19-7

v1-19-9

v1-20-0

v1-20-1

v3-10-0

v3-10-1

v3-10-1a

v3-10-2

v3-10-2a

v3-10-3

v3-11-0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-45061.json"

github.com/wordpress/wordpress-develop

Affected ranges

Type: GIT
Repo: https://github.com/wordpress/wordpress-develop
Events: Introduced

c1b5c599c9d8d83ba3a1dcfe31570d1b0f6b4c3e

Last affected

07013682410e99743fd86d780a64757633b30661

Introduced

36e5687edb263228eb912d542ebad988e0672beb

Last affected

b481cb37552ec397181b2a30a2c7e1ffd88840d7

Last affected

ef050d0732c9ff7ba18182505fe363a45b1b25bc

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-45061.json"