安全公告/【CVE-2020-14422】

基本信息

漏洞名称:
受影响操作系统:Asianux
危险等级:中危
影响源码包:python-pip
CVSS评分:5.9
发现日期:2023-09-02
修复版本:python-pip-20.2.2-6

漏洞描述

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.

修复方式

yum update PackageName

漏洞判定

执行命令yum info PackageName获取软件包版本号,版本小于修复版本,则受此漏洞影响,版本大于等于修复版本,则此漏洞已修复

补丁

参考

https://gitee.com/src-openeuler/python-pip/issues/I5QBR3
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14422
https://nvd.nist.gov/vuln/detail/CVE-2020-14422