Resource exhaustion in python-py

#VU65859 Resource exhaustion in python-py

Published: 2022-07-28

Vulnerability identifier: #VU65859

Vulnerability risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-29651

CWE-ID:

Exploitation vector: Network

Exploit availability:

Vulnerable software:
python-py
Universal components / Libraries / Libraries used by multiple products

Vendor: pytest-dev

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can preform compute-time denial of service attack by supplying malicious input to the blame functionality.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

python-py: 1.0.0 - 1.9.0

Fixed software versions

CPE

cpe:2.3:a:pytest-dev:python-py:1.9.0:*:*:*:*:*:*:*

External links
http://github.com/pytest-dev/py/pull/257/commits/4a9017dc6199d2a564b6e4b0aa39d6d8870e4144
http://github.com/pytest-dev/py/issues/256
http://github.com/pytest-dev/py/pull/257

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dell EMC VxRail Appliance

Denial of service in IBM Security QRadar Network Threat Analytics

SUSE update for Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins

Multiple vulnerabilities in Dell Policy Manager for Secure Connect Gateway

Ubuntu update for python-py

SUSE update for python-py