UBUNTU-CVE-2024-7592

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2024-7592

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-7592.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-7592

Related

Published

2024-08-19T19:15:00Z

Modified

2024-08-19T19:15:00Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.

References

Affected packages

Ubuntu:Pro:14.04:LTS / python2.7

Package

Name: python2.7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.7.5-8ubuntu3

2.7.5-8ubuntu4

2.7.6-2

2.7.6-2ubuntu1

2.7.6-3

2.7.6-3ubuntu1

2.7.6-4

2.7.6-4ubuntu1

2.7.6-5

2.7.6-7

2.7.6-8

2.7.6-8ubuntu0.2

2.7.6-8ubuntu0.3

2.7.6-8ubuntu0.4

2.7.6-8ubuntu0.5

2.7.6-8ubuntu0.6+esm2

2.7.6-8ubuntu0.6+esm3

2.7.6-8ubuntu0.6+esm5

2.7.6-8ubuntu0.6+esm6

2.7.6-8ubuntu0.6+esm7

2.7.6-8ubuntu0.6+esm8

2.7.6-8ubuntu0.6+esm9

2.7.6-8ubuntu0.6+esm10

2.7.6-8ubuntu0.6+esm11

2.7.6-8ubuntu0.6+esm12

2.7.6-8ubuntu0.6+esm13

2.7.6-8ubuntu0.6+esm14

2.7.6-8ubuntu0.6+esm15

2.7.6-8ubuntu0.6+esm16

2.7.6-8ubuntu0.6+esm17

2.7.6-8ubuntu0.6+esm18

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Per upstream developers, this is a low severity issue"
}

Ubuntu:Pro:14.04:LTS / python3.4

Package

Name: python3.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.4~b1-0ubuntu3

3.4~b1-4ubuntu4

3.4~b1-4ubuntu6

3.4~b1-5ubuntu2

3.4~b2-1

3.4~b3-1ubuntu1

3.4~rc1-1build1

3.4~rc2-1

3.4~rc3-0ubuntu1

3.4.0-1

3.4.0-2ubuntu1

3.4.0-2ubuntu1.1

3.4.3-1ubuntu1~14.04.1

3.4.3-1ubuntu1~14.04.3

3.4.3-1ubuntu1~14.04.4

3.4.3-1ubuntu1~14.04.5

3.4.3-1ubuntu1~14.04.6

3.4.3-1ubuntu1~14.04.7

3.4.3-1ubuntu1~14.04.7+esm2

3.4.3-1ubuntu1~14.04.7+esm4

3.4.3-1ubuntu1~14.04.7+esm6

3.4.3-1ubuntu1~14.04.7+esm7

3.4.3-1ubuntu1~14.04.7+esm8

3.4.3-1ubuntu1~14.04.7+esm10

3.4.3-1ubuntu1~14.04.7+esm11

3.4.3-1ubuntu1~14.04.7+esm12

3.4.3-1ubuntu1~14.04.7+esm13

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Per upstream developers, this is a low severity issue"
}

Ubuntu:Pro:14.04:LTS / python3.5

Package

Name: python3.5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.5.2-2ubuntu0~16.04.4~14.04.1

3.5.2-2ubuntu0~16.04.4~14.04.1+esm1

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Per upstream developers, this is a low severity issue"
}

Ubuntu:Pro:16.04:LTS / python2.7

Package

Name: python2.7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.7.10-4ubuntu1

2.7.10-4ubuntu2

2.7.11-2

2.7.11-3

2.7.11-4

2.7.11-6

2.7.11-7

2.7.11-7ubuntu1

2.7.12-1~16.04

2.7.12-1ubuntu0~16.04.1

2.7.12-1ubuntu0~16.04.2

2.7.12-1ubuntu0~16.04.3

2.7.12-1ubuntu0~16.04.4

2.7.12-1ubuntu0~16.04.8

2.7.12-1ubuntu0~16.04.9

2.7.12-1ubuntu0~16.04.11

2.7.12-1ubuntu0~16.04.12

2.7.12-1ubuntu0~16.04.13

2.7.12-1ubuntu0~16.04.14

2.7.12-1ubuntu0~16.04.16

2.7.12-1ubuntu0~16.04.18

2.7.12-1ubuntu0~16.04.18+esm1

2.7.12-1ubuntu0~16.04.18+esm2

2.7.12-1ubuntu0~16.04.18+esm3

2.7.12-1ubuntu0~16.04.18+esm4

2.7.12-1ubuntu0~16.04.18+esm5

2.7.12-1ubuntu0~16.04.18+esm6

2.7.12-1ubuntu0~16.04.18+esm7

2.7.12-1ubuntu0~16.04.18+esm8

2.7.12-1ubuntu0~16.04.18+esm9

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Per upstream developers, this is a low severity issue"
}

Ubuntu:Pro:16.04:LTS / python3.5

Package

Name: python3.5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.5.0-3

3.5.0-3ubuntu1

3.5.1~rc1-2ubuntu1

3.5.1-1

3.5.1-2

3.5.1-3

3.5.1-5

3.5.1-6ubuntu1

3.5.1-6ubuntu2

3.5.1-9ubuntu1

3.5.1-10

3.5.2-2~16.01

3.5.2-2~16.04

3.5.2-2ubuntu0~16.04.1

3.5.2-2ubuntu0~16.04.2

3.5.2-2ubuntu0~16.04.3

3.5.2-2ubuntu0~16.04.4

3.5.2-2ubuntu0~16.04.5

3.5.2-2ubuntu0~16.04.8

3.5.2-2ubuntu0~16.04.9

3.5.2-2ubuntu0~16.04.10

3.5.2-2ubuntu0~16.04.11

3.5.2-2ubuntu0~16.04.12

3.5.2-2ubuntu0~16.04.13

3.5.2-2ubuntu0~16.04.13+esm1

3.5.2-2ubuntu0~16.04.13+esm2

3.5.2-2ubuntu0~16.04.13+esm3

3.5.2-2ubuntu0~16.04.13+esm5

3.5.2-2ubuntu0~16.04.13+esm6

3.5.2-2ubuntu0~16.04.13+esm7

3.5.2-2ubuntu0~16.04.13+esm8

3.5.2-2ubuntu0~16.04.13+esm9

3.5.2-2ubuntu0~16.04.13+esm10

3.5.2-2ubuntu0~16.04.13+esm11

3.5.2-2ubuntu0~16.04.13+esm12

3.5.2-2ubuntu0~16.04.13+esm13

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Per upstream developers, this is a low severity issue"
}

Ubuntu:Pro:18.04:LTS / python2.7

Package

Name: python2.7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.7.14-2ubuntu2

2.7.14-4

2.7.14-6

2.7.14-7

2.7.14-8

2.7.15~rc1-1

2.7.15~rc1-1ubuntu0.1

2.7.15-4ubuntu4~18.04

2.7.15-4ubuntu4~18.04.1

2.7.15-4ubuntu4~18.04.2

2.7.17-1~18.04

2.7.17-1~18.04ubuntu1

2.7.17-1~18.04ubuntu1.1

2.7.17-1~18.04ubuntu1.2

2.7.17-1~18.04ubuntu1.3

2.7.17-1~18.04ubuntu1.5

2.7.17-1~18.04ubuntu1.6

2.7.17-1~18.04ubuntu1.7

2.7.17-1~18.04ubuntu1.8

2.7.17-1~18.04ubuntu1.10

2.7.17-1~18.04ubuntu1.11

2.7.17-1~18.04ubuntu1.13

2.7.17-1~18.04ubuntu1.13+esm1

2.7.17-1~18.04ubuntu1.13+esm2

2.7.17-1~18.04ubuntu1.13+esm3

2.7.17-1~18.04ubuntu1.13+esm4

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Per upstream developers, this is a low severity issue"
}

Ubuntu:Pro:18.04:LTS / python3.6

Package

Name: python3.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.3-1ubuntu1

3.6.4~rc1-1

3.6.4~rc1-2

3.6.4-1

3.6.4-2

3.6.4-3build1

3.6.4-4

3.6.5~rc1-1

3.6.5-3

3.6.6-1~18.04

3.6.7-1~18.04

3.6.8-1~18.04.1

3.6.8-1~18.04.2

3.6.8-1~18.04.3

3.6.9-1~18.04

3.6.9-1~18.04ubuntu1

3.6.9-1~18.04ubuntu1.1

3.6.9-1~18.04ubuntu1.3

3.6.9-1~18.04ubuntu1.4

3.6.9-1~18.04ubuntu1.6

3.6.9-1~18.04ubuntu1.7

3.6.9-1~18.04ubuntu1.8

3.6.9-1~18.04ubuntu1.9

3.6.9-1~18.04ubuntu1.10

3.6.9-1~18.04ubuntu1.12

3.6.9-1~18.04ubuntu1.13

3.6.9-1~18.04ubuntu1.13+esm1

3.6.9-1~18.04ubuntu1.13+esm2

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Per upstream developers, this is a low severity issue"
}

Ubuntu:Pro:18.04:LTS / python3.7

Package

Name: python3.7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.7.0~a2-1

3.7.0~a3-1

3.7.0~a3-2

3.7.0~a3-3

3.7.0~a4-1

3.7.0~b1-1

3.7.0~b1-1build1

3.7.0~b2-1

3.7.0~b3-1

3.7.0-1~18.04

3.7.1-1~18.04

3.7.3-2~18.04.1

3.7.5-2~18.04

3.7.5-2~18.04.4

3.7.5-2ubuntu1~18.04.2

3.7.5-2ubuntu1~18.04.2+esm1

3.7.5-2ubuntu1~18.04.2+esm2

3.7.5-2ubuntu1~18.04.2+esm3

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Per upstream developers, this is a low severity issue"
}

Ubuntu:Pro:18.04:LTS / python3.8

Package

Name: python3.8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.8.0-3~18.04

3.8.0-3~18.04.1

3.8.0-3ubuntu1~18.04.2

3.8.0-3ubuntu1~18.04.2+esm1

3.8.0-3ubuntu1~18.04.2+esm2

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Per upstream developers, this is a low severity issue"
}

Ubuntu:20.04:LTS / python2.7

Package

Name: python2.7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.7.17~rc1-1

2.7.17-1

2.7.17-1ubuntu5

2.7.17-1ubuntu6

2.7.18~rc1-2

2.7.18-1~20.04

2.7.18-1~20.04.1

2.7.18-1~20.04.3

2.7.18-1~20.04.4

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Per upstream developers, this is a low severity issue"
}

Ubuntu:20.04:LTS / python3.8

Package

Name: python3.8
Purl: pkg:deb/ubuntu/python3.8@3.8.10-0ubuntu1~20.04.12?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.8.10-0ubuntu1~20.04.12

Affected versions

3.*

3.8.0-1

3.8.0-2

3.8.0-3

3.8.0-4

3.8.0-5

3.8.1-2ubuntu3

3.8.2~rc1-1ubuntu1

3.8.2-1

3.8.2-1ubuntu1

3.8.2-1ubuntu1.1

3.8.2-1ubuntu1.2

3.8.5-1~20.04

3.8.5-1~20.04.2

3.8.5-1~20.04.3

3.8.10-0ubuntu1~20.04

3.8.10-0ubuntu1~20.04.1

3.8.10-0ubuntu1~20.04.2

3.8.10-0ubuntu1~20.04.4

3.8.10-0ubuntu1~20.04.5

3.8.10-0ubuntu1~20.04.6

3.8.10-0ubuntu1~20.04.7

3.8.10-0ubuntu1~20.04.8

3.8.10-0ubuntu1~20.04.9

3.8.10-0ubuntu1~20.04.10

3.8.10-0ubuntu1~20.04.11

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "libpython3.8": "3.8.10-0ubuntu1~20.04.12",
            "libpython3.8-minimal": "3.8.10-0ubuntu1~20.04.12",
            "python3.8-dbg": "3.8.10-0ubuntu1~20.04.12",
            "python3.8-doc": "3.8.10-0ubuntu1~20.04.12",
            "python3.8-minimal": "3.8.10-0ubuntu1~20.04.12",
            "libpython3.8-testsuite": "3.8.10-0ubuntu1~20.04.12",
            "idle-python3.8": "3.8.10-0ubuntu1~20.04.12",
            "libpython3.8-dbg": "3.8.10-0ubuntu1~20.04.12",
            "python3.8": "3.8.10-0ubuntu1~20.04.12",
            "python3.8-venv": "3.8.10-0ubuntu1~20.04.12",
            "python3.8-full": "3.8.10-0ubuntu1~20.04.12",
            "python3.8-examples": "3.8.10-0ubuntu1~20.04.12",
            "libpython3.8-stdlib": "3.8.10-0ubuntu1~20.04.12",
            "python3.8-dev": "3.8.10-0ubuntu1~20.04.12",
            "libpython3.8-dev": "3.8.10-0ubuntu1~20.04.12"
        }
    ],
    "priority_reason": "Per upstream developers, this is a low severity issue"
}

Ubuntu:20.04:LTS / python3.9

Package

Name: python3.9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.9.0~rc1-1~20.04

3.9.0-5~20.04

3.9.5-3~20.04.1

3.9.5-3ubuntu0~20.04.1

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Per upstream developers, this is a low severity issue"
}

Ubuntu:22.04:LTS / python2.7

Package

Name: python2.7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.7.18-8build1

2.7.18-13

2.7.18-13ubuntu1

2.7.18-13ubuntu1.1

2.7.18-13ubuntu1.2

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Per upstream developers, this is a low severity issue"
}

Ubuntu:22.04:LTS / python3.10

Package

Name: python3.10
Purl: pkg:deb/ubuntu/python3.10@3.10.12-1~22.04.6?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.10.12-1~22.04.6

Affected versions

3.*

3.10.0-2

3.10.0-3

3.10.0-4

3.10.0-5

3.10.0-5build1

3.10.1-1

3.10.1-2

3.10.2-1

3.10.2-5

3.10.2-7

3.10.3-1

3.10.4-3

3.10.4-3ubuntu0.1

3.10.6-1~22.04

3.10.6-1~22.04.1

3.10.6-1~22.04.2

3.10.6-1~22.04.2ubuntu1

3.10.6-1~22.04.2ubuntu1.1

3.10.12-1~22.04.2

3.10.12-1~22.04.3

3.10.12-1~22.04.4

3.10.12-1~22.04.5

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "libpython3.10": "3.10.12-1~22.04.6",
            "python3.10": "3.10.12-1~22.04.6",
            "libpython3.10-stdlib": "3.10.12-1~22.04.6",
            "python3.10-examples": "3.10.12-1~22.04.6",
            "libpython3.10-dev": "3.10.12-1~22.04.6",
            "python3.10-dev": "3.10.12-1~22.04.6",
            "python3.10-doc": "3.10.12-1~22.04.6",
            "python3.10-nopie": "3.10.12-1~22.04.6",
            "libpython3.10-testsuite": "3.10.12-1~22.04.6",
            "python3.10-venv": "3.10.12-1~22.04.6",
            "libpython3.10-minimal": "3.10.12-1~22.04.6",
            "python3.10-full": "3.10.12-1~22.04.6",
            "python3.10-dbg": "3.10.12-1~22.04.6",
            "idle-python3.10": "3.10.12-1~22.04.6",
            "python3.10-minimal": "3.10.12-1~22.04.6",
            "libpython3.10-dbg": "3.10.12-1~22.04.6"
        }
    ],
    "priority_reason": "Per upstream developers, this is a low severity issue"
}

Ubuntu:22.04:LTS / python3.11

Package

Name: python3.11

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.11.0~rc1-1~22.04

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "Per upstream developers, this is a low severity issue"
}

Ubuntu:24.04:LTS / python3.12

Package

Name: python3.12
Purl: pkg:deb/ubuntu/python3.12@3.12.3-1ubuntu0.2?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.12.3-1ubuntu0.2

Affected versions

3.*

3.12.0-1

3.12.0-5

3.12.0-6

3.12.0-7

3.12.1-2

3.12.2-1

3.12.2-4build3

3.12.2-4build4

3.12.2-5ubuntu3

3.12.3-1

3.12.3-1ubuntu0.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "python3.12-dbg": "3.12.3-1ubuntu0.2",
            "libpython3.12t64": "3.12.3-1ubuntu0.2",
            "python3.12-doc": "3.12.3-1ubuntu0.2",
            "python3.12": "3.12.3-1ubuntu0.2",
            "python3.12-minimal": "3.12.3-1ubuntu0.2",
            "python3.12-nopie": "3.12.3-1ubuntu0.2",
            "libpython3.12t64-dbg": "3.12.3-1ubuntu0.2",
            "libpython3.12-testsuite": "3.12.3-1ubuntu0.2",
            "python3.12-examples": "3.12.3-1ubuntu0.2",
            "python3.12-dev": "3.12.3-1ubuntu0.2",
            "idle-python3.12": "3.12.3-1ubuntu0.2",
            "libpython3.12-stdlib": "3.12.3-1ubuntu0.2",
            "libpython3.12-minimal": "3.12.3-1ubuntu0.2",
            "python3.12-venv": "3.12.3-1ubuntu0.2",
            "libpython3.12-dev": "3.12.3-1ubuntu0.2",
            "python3.12-full": "3.12.3-1ubuntu0.2"
        }
    ],
    "priority_reason": "Per upstream developers, this is a low severity issue"
}