There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.
History

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Wed, 04 Sep 2024 20:30:00 +0000


Tue, 03 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Python cpython
CPEs cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*
Vendors & Products Python cpython
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 03 Sep 2024 15:15:00 +0000


Tue, 20 Aug 2024 21:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Low


Tue, 20 Aug 2024 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Python
Python python
Weaknesses CWE-1333
CPEs cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.13.0:alpha0:*:*:*:*:*:*
cpe:2.3:a:python:python:3.13.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:python:python:3.13.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:python:python:3.13.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:python:python:3.13.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:python:python:3.13.0:alpha5:*:*:*:*:*:*
cpe:2.3:a:python:python:3.13.0:alpha6:*:*:*:*:*:*
cpe:2.3:a:python:python:3.13.0:beta1:*:*:*:*:*:*
cpe:2.3:a:python:python:3.13.0:beta2:*:*:*:*:*:*
cpe:2.3:a:python:python:3.13.0:beta3:*:*:*:*:*:*
cpe:2.3:a:python:python:3.13.0:beta4:*:*:*:*:*:*
cpe:2.3:a:python:python:3.13.0:rc1:*:*:*:*:*:*
Vendors & Products Python
Python python
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Mon, 19 Aug 2024 19:15:00 +0000

Type Values Removed Values Added
Description There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.
Title Quadratic complexity parsing cookies with backslashes
Weaknesses CWE-400
References

cve-icon MITRE

Status: PUBLISHED

Assigner: PSF

Published: 2024-08-19T19:06:45.311Z

Updated: 2024-10-18T13:07:47.143Z

Reserved: 2024-08-07T15:53:07.135Z

Link: CVE-2024-7592

cve-icon Vulnrichment

Updated: 2024-10-18T13:07:47.143Z

cve-icon NVD

Status : Modified

Published: 2024-08-19T19:15:08.180

Modified: 2024-11-21T09:51:46.750

Link: CVE-2024-7592

cve-icon Redhat

Severity : Low

Publid Date: 2024-08-19T00:00:00Z

Links: CVE-2024-7592 - Bugzilla