OpenSUSE Linux update for python-ipaddress


Published: 2020-07-18

Security Advisory


This security advisory describes one medium risk vulnerability.



1) Resource exhaustion


Severity: Medium


CVSSv3: 5.9 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]


CVE-ID: CVE-2020-14422


CWE-ID: CWE-400 - Uncontrolled Resource Consumption ('Resource Exhaustion')


Exploit availability: No


Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.


The vulnerability exists because the application improperly computes hash values in the IPv4Interface and IPv6Interface classes in Lib/ipaddress.py in Python. A remote attacker can trigger resource exhaustion and cause a denial of service (DoS) if an application's performance depends on a dictionary containing IPv4Interface or IPv6Interface objects and the attacker can cause many dictionary entries to be created.


Mitigation

Update the affected packages.
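
To confirm after the update that the interpreter in use no longer hashes interface objects poorly, the following check counts distinct hash values over a constructed sample of IPv4Interface and IPv6Interface objects. It is an added example, not part of the advisory or of the openSUSE or Python projects. The sample addresses, the sample size and the 0.9 threshold are assumptions chosen for illustration.

```python
import ipaddress
import sys

SAMPLE_SIZE = 1024  # constructed sample size (assumption, not from the advisory)


def sample_interfaces(version):
    """Constructed sample: SAMPLE_SIZE distinct interfaces, one per subnet."""
    if version == 4:
        return [ipaddress.IPv4Interface(f"10.{i >> 8}.{i & 255}.0/24")
                for i in range(SAMPLE_SIZE)]
    return [ipaddress.IPv6Interface(f"fd00:0:0:{i:x}::/64")
            for i in range(SAMPLE_SIZE)]


def check_interface_hashing(hash_fn=hash, min_ratio=0.9):
    """Return {class name: (distinct-hash ratio, ok)} for both interface classes.

    A sound hash gives close to one distinct value per distinct object, so a
    ratio far below 1.0 means dictionary lookups degrade towards linear scans.
    min_ratio is an illustrative threshold, not a value from the advisory.
    """
    report = {}
    for version in (4, 6):
        objs = sample_interfaces(version)
        # Share of the sample that ended up with its own hash value.
        ratio = len({hash_fn(o) for o in objs}) / len(objs)
        report[type(objs[0]).__name__] = (ratio, ratio >= min_ratio)
    return report


if __name__ == "__main__":
    results = check_interface_hashing()
    for name, (ratio, ok) in results.items():
        verdict = "ok" if ok else "WEAK, update needed"
        print(f"{name}: {ratio:.1%} distinct hashes -> {verdict}")
    # Non-zero exit status lets a patch-verification job fail on a weak hash.
    sys.exit(0 if all(ok for _, ok in results.values()) else 1)
```

Run it with the same Python interpreter the affected application uses, since the result reflects that interpreter's copy of ipaddress.py.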


Vulnerable software versions

Opensuse: 15.1


External links

https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00032.html


Q & A


Can this vulnerability be exploited remotely?


Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.


Is there known malware that exploits this vulnerability?


No. We are not aware of malware exploiting this vulnerability.



