发布时间: 2022年9月29日
修改时间: 2022年9月29日
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.
| NVD | openEuler | |
|---|---|---|
| CVSS评分 | 5.9 | 5.9 |
| Attack Vector | Network | Network |
| Attack Complexity | High | High |
| Privileges Required | None | None |
| User Interaction | None | None |
| Scope | Unchanged | Unchanged |
| Confidentiality | None | None |
| Integrity | None | None |
| Availability | High | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2022-2106 | python-pip security update | 2022年9月23日 |
| KylinSec-SA-2022-2117 | python-pip security update | 2022年9月23日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | python-pip | Fixed |
| KY3.4-5A | python-pip | Fixed |
| KY3.5.1 | python-pip | Unaffected |
