SB2020052728 - Resource management error in python3 (Alpine package)
Published: May 27, 2020
Security Bulletin ID
SB2020052728
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management error (CVE-ID: CVE-2020-8492)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in urllib.request.AbstractBasicAuthHandler when processing HTTP responses. A remote attacker who controls a HTTP server can send a specially crafted HTTP response to the client application and conduct Regular Expression Denial of Service (ReDoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=17f08ccad8155759775705c3ce0f8ef82a912877
- https://git.alpinelinux.org/aports/commit/?id=05546ebd50da460f3e53d4c8df34747c56e47459
- https://git.alpinelinux.org/aports/commit/?id=5fbbd588ac1a7f3a4d779fe13c37b9ab4d65e259
- https://git.alpinelinux.org/aports/commit/?id=fa2e9ccaee464ee4185696c4ac889805f3814783
- https://git.alpinelinux.org/aports/commit/?id=3d60659100e95bd6d05aaceaef7aa2a1410107d8
- https://git.alpinelinux.org/aports/commit/?id=8135de912b23c9bd9649fa7b6a59ec455529b7af