Main Vulnerability Database Vulnerabilities #VU71642

#VU71642 Incorrect Regular Expression in python-py - CVE-2022-42969

Published: January 30, 2023

Vulnerability identifier: #VU71642

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-42969

CWE-ID: CWE-185

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
python-py

Software vendor:
pytest-dev

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation in Subversion repository caused by a mishandled InfoSvnCommand argument. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://github.com/pytest-dev/py/blob/cb87a83960523a2367d0f19226a73aed4ce4291d/py/_path/svnurl.py#L316
https://github.com/pytest-dev/py/issues/287
https://github.com/advisories/GHSA-w596-4wvx-j9j6

#VU71642 Incorrect Regular Expression in python-py - CVE-2022-42969

Description

Remediation

External links

Please verify you're human