Wind River Support Network

HomeDefectsLIN1019-3979
Fixed

LIN1019-3979 : Security Advisory - python - CVE-2020-8492

Created: Feb 1, 2020    Updated: Apr 21, 2022
Resolved Date: Jun 10, 2020
Found In Version: 10.19.45.1
Fix Version: 10.19.45.8
Severity: Standard
Applicable for: Wind River Linux LTS 19
Component/s: Userspace

Description

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.

CREATE(Triage):(User=admin) CVE-2020-8492 (https://nvd.nist.gov/vuln/detail/CVE-2020-8492)

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube