Resource Exhaustion Affecting python-test package, versions <0:2.7.5-34.el7


Severity

Recommended
0.0
medium
0
10

Based on Red Hat Enterprise Linux security rating.

Threat Intelligence

EPSS
0.24% (62nd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-RHEL7-PYTHONTEST-4560657
  • published26 Jul 2021
  • disclosed25 Sept 2012

Introduced: 25 Sep 2012

CVE-2013-1752  (opens in a new tab)
CWE-400  (opens in a new tab)

How to fix?

Upgrade RHEL:7 python-test to version 0:2.7.5-34.el7 or higher.
This issue was patched in RHSA-2015:2101.

NVD Description

Note: Versions mentioned in the description apply only to the upstream python-test package and not the python-test package as distributed by RHEL. See How to fix? for RHEL:7 relevant fixed versions and status.

Rejected reason: Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service (memory consumption) via a long string, related to (1) httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; (2) ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; (3) imaplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; (4) nntplib - fixed in 2.7.6, 2.6.9, 3.3.3; (5) poplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; and (6) smtplib - not yet fixed in 2.7.x, fixed in 2.6.9, not yet fixed in 3.3.x. NOTE: this was REJECTed because it is incompatible with CNT1 "Independently Fixable" in the CVE Counting Decisions

CVSS Scores

version 3.1