Wind River Support Network

Home CVE Database CVE-2024-7592

CVE-2024-7592

Description

There is a LOW severity vulnerability affecting CPython, specifically the \'http.cookies\' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.

Priority: LOW

CVSS v3: 7.5

Component: python3.9

Publish Date: Aug 19, 2024

Related ID: --

CVSS v2: HIGH

Modified Date: Aug 20, 2024

Find out more about CVE-2024-7592 from the MITRE-CVE dictionary and NIST NVD

Products Affected

Product Name	Status	Defect	Fixed	Downloads
Linux
Wind River Linux LTS 17	Requires LTSS	--	--	--
Wind River Linux 8	Requires LTSS	--	--	--
Wind River Linux 9	Requires LTSS	--	--	--
Wind River Linux 7	Requires LTSS	--	--	--
Wind River Linux LTS 21	Fixed	LIN1021-10832	10.21.20.24	--
Wind River Linux LTS 22	Fixed	LIN1022-10357	10.22.33.19	--
Wind River Linux LTS 18	Requires LTSS	--	--	--
Wind River Linux LTS 19	Investigate	--	--	--
Wind River Linux CD release	N/A	--	--	--
Wind River Linux 6	Requires LTSS	--	--	--
Wind River Linux LTS 23	Investigate	--	--	--
Wind River Linux LTS 24	Fixed	LIN1024-3839	10.24.33.3	--
VxWorks
VxWorks 7	Vulnerable	--	--	--
VxWorks 6.9	Not Vulnerable	--	--	--
Helix Virtualization Platform Cert Edition
Helix Virtualization Platform Cert Edition	Not Vulnerable	--	--	--
eLxr
eLxr 12	Vulnerable	--	--	--
Wind River Studio Cloud Platform

Related Products

Product Name	Status	Defect	Fixed	Downloads

Notes
Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.