Wind River Support Network

HomeDefectsLIN1022-10357
Fixed

LIN1022-10357 : Security Advisory - python - CVE-2024-7592

Created: Aug 17, 2024    Updated: Oct 9, 2024
Resolved Date: Oct 8, 2024
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Userspace

Description

There is a LOW severity vulnerability affecting CPython, specifically the
'http.cookies' standard library module.


When parsing cookies that contained backslashes for quoted characters in
the cookie value, the parser would use an algorithm with quadratic
complexity, resulting in excess CPU resources being used while parsing the
value.

https://nvd.nist.gov/vuln/detail/CVE-2024-7592

CVEs


Live chat
Online