Ubuntu Security Notice USN-5199-1

Discussion in 'News Aggregator' started by Packet Storm, 18 Dec 2021.

  1. Packet Storm

    Packet Storm Guest

    Ubuntu Security Notice 5199-1 - It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service condition for a client. It was discovered that the Python urllib http client could enter into an infinite loop when incorrectly handling certain server responses. Specially crafted traffic from a malicious HTTP server could cause a denial of service condition for a client. Various other issues were also addressed.

    Continue reading...
     

Share This Page

Loading...