Python拒绝服务漏洞

admin

0
文章

0
评论

2023-12-01 21:09:48 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

低危 Python拒绝服务漏洞

CVE编号

CVE-2020-14422

利用情况

暂无

补丁情况

官方补丁

披露时间

2020-06-19

漏洞描述

Python是Python软件基金会的一套开源的、面向对象的程序设计语言。该语言具有可扩展、支持模块和包、支持多种平台等特点。 Python 3.8.3及之前版本中的Lib/ipaddress.py文件的IPv4Interface和IPv6Interface存在资源管理错误漏洞，该漏洞源于程序未正确计算哈希值。远程攻击者可利用该漏洞造成拒绝服务或创建许多字典条目。

解决建议

目前厂商已发布升级补丁以修复漏洞，补丁获取链接：https://bugs.python.org/issue41004

参考链接
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00041.html
https://bugs.python.org/issue41004
https://github.com/python/cpython/pull/20956
https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html
https://lists.debian.org/debian-lts-announce/2023/05/msg00016.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://security.gentoo.org/glsa/202008-01
https://security.netapp.com/advisory/ntap-20200724-0004/
https://usn.ubuntu.com/4428-1/
https://www.oracle.com/security-alerts/cpujan2021.html

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	python	python	*	From (including) 3.0.0	Up to (excluding) 3.5.10
	运行在以下环境
	应用	python	python	*	From (including) 3.6.0	Up to (excluding) 3.6.12
	运行在以下环境
	应用	python	python	*	From (including) 3.7.0	Up to (excluding) 3.7.9
	运行在以下环境
	应用	python	python	*	From (including) 3.8.0	Up to (excluding) 3.8.4
	运行在以下环境
	系统	alibaba_cloud_linux_2.1903	python3-idle	*		Up to (excluding) 3.6.8-18.1.al7
	运行在以下环境
	系统	alpine_3.10	python3	*		Up to (excluding) 3.7.7-r1
	运行在以下环境
	系统	alpine_3.11	python3	*		Up to (excluding) 3.8.2-r1
	运行在以下环境
	系统	alpine_3.12	python3	*		Up to (excluding) 3.8.4-r0
	运行在以下环境
	系统	alpine_3.13	python3	*		Up to (excluding) 3.8.4-r0
	运行在以下环境
	系统	alpine_3.14	python3	*		Up to (excluding) 3.8.4-r0
	运行在以下环境
	系统	alpine_3.15	python3	*		Up to (excluding) 3.8.4-r0
	运行在以下环境
	系统	alpine_3.16	python3	*		Up to (excluding) 3.8.4-r0
	运行在以下环境
	系统	alpine_3.17	python3	*		Up to (excluding) 3.8.4-r0
	运行在以下环境
	系统	alpine_3.18	python3	*		Up to (excluding) 3.8.4-r0
	运行在以下环境
	系统	alpine_3.9	python3	*		Up to (excluding) 3.6.9-r3
	运行在以下环境
	系统	alpine_edge	python3	*		Up to (excluding) 3.8.4-r0
	运行在以下环境
	系统	amazon_2	python3	*		Up to (excluding) 1.0.16-2.amzn2.0.2
	运行在以下环境
	系统	amazon_AMI	python34	*		Up to (excluding) 3.6.12-1.19.amzn1
	运行在以下环境
	系统	anolis_os_8	pytz	*		Up to (excluding) 1.25.7-5
	运行在以下环境
	系统	centos_7	python3	*		Up to (excluding) 3.6.8-18.el7
	运行在以下环境
	系统	centos_8	platform-python-debug	*		Up to (excluding) 1.3.1-4.module+el8.2.0+5234+f98739b6
	运行在以下环境
	系统	debian_10	python-ipaddress	*		Up to (excluding) 2.7.16-2+deb10u1
	运行在以下环境
	系统	debian_11	python-ipaddress	*		Up to (excluding) 2.7.18-8+deb11u1
	运行在以下环境
	系统	debian_9	python3.5	*		Up to (excluding) 3.5.3-1+deb9u2
	运行在以下环境
	系统	fedora_31	python38-debugsource	*		Up to (excluding) 3.7.8-2.fc31
	运行在以下环境
	系统	fedora_32	python35-debuginfo	*		Up to (excluding) 3.8.4-1.fc32
	运行在以下环境
	系统	fedora_33	python3.5	*		Up to (excluding) 3.5.9-9.fc33
	运行在以下环境
	系统	fedora_34	python3.5-debuginfo	*		Up to (excluding) 3.5.9-9.fc34
	运行在以下环境
	系统	fedora_EPEL_7	python34-debuginfo	*		Up to (excluding) 3.4.10-6.el7
	运行在以下环境
	系统	kylinos_aarch64_V10	python-pip-help	*		Up to (excluding) 3.6.8-18.el7
	运行在以下环境
	系统	kylinos_aarch64_V10SP1	python-pip-help	*		Up to (excluding) 20.2.2-6.ky10
	运行在以下环境
系统	kylinos_aarch64_V10SP2	python-pip-help	*		Up to (excluding) 20.2.2-6.ky10
运行在以下环境
系统	kylinos_aarch64_V10SP3	python-pip-help	*		Up to (excluding) 20.2.2-6.ky10
运行在以下环境
系统	kylinos_loongarch64_V10SP1	python-pip-help	*		Up to (excluding) 20.2.2-6.a.ky10
运行在以下环境
系统	kylinos_loongarch64_V10SP3	python-pip-help	*		Up to (excluding) 20.2.2-6.a.ky10
运行在以下环境
系统	kylinos_x86_64_V10	python-pip-help	*		Up to (excluding) 3.6.8-18.el7
运行在以下环境
系统	kylinos_x86_64_V10SP1	python-pip-help	*		Up to (excluding) 20.2.2-6.ky10
运行在以下环境
系统	kylinos_x86_64_V10SP2	python-pip-help	*		Up to (excluding) 20.2.2-6.ky10
运行在以下环境
系统	kylinos_x86_64_V10SP3	python-pip-help	*		Up to (excluding) 20.2.2-6.ky10
运行在以下环境
系统	opensuse_Leap_15.1	python-ipaddress	*		Up to (excluding) 3.6.12-lp151.6.32.1
运行在以下环境
系统	opensuse_Leap_15.2	python-ipaddress	*		Up to (excluding) 3.6.12-lp152.4.14.1
运行在以下环境
系统	oracle_7	oraclelinux-release	*		Up to (excluding) 3.6.8-18.0.1.el7
运行在以下环境
系统	oracle_8	oraclelinux-release	*		Up to (excluding) 2.8.4-4.module+el8.3.0+7824+e0098946
运行在以下环境
系统	redhat_7	python3	*		Up to (excluding) 3.6.8-18.el7
运行在以下环境
系统	redhat_8	platform-python-debug	*		Up to (excluding) 1.3.1-4.module+el8.2.0+5234+f98739b6
运行在以下环境
系统	suse_12_SP5	python-ipaddress	*		Up to (excluding) 3.4.10-25.52.1
运行在以下环境
系统	ubuntu_16.04	python3.5	*		Up to (excluding) 3.5.2-2ubuntu0~16.04.11
运行在以下环境
系统	ubuntu_16.04.7_lts	python2.7	*		Up to (excluding) 2.7.12-1ubuntu0~16.04.12
运行在以下环境
系统	ubuntu_18.04	python3.6	*		Up to (excluding) 3.6.9-1~18.04ubuntu1.1
运行在以下环境
系统	ubuntu_18.04.5_lts	python2.7	*		Up to (excluding) 2.7.17-1~18.04ubuntu1.1
运行在以下环境
系统	ubuntu_20.04	python3.8	*		Up to (excluding) 3.8.2-1ubuntu1.2
运行在以下环境
系统	unionos_e	python-pip	*		Up to (excluding) python-pip-20.2.2-6.uel20