Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2020-1471
HistoryJul 31, 2020 - 7:22 p.m.

Medium: python, python3

2020-07-3119:22:00
alas.aws.amazon.com
13

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.008 Low

EPSS

Percentile

81.8%

JSON

Issue Overview:

2023-10-25: CVE-2022-48560 was added to this advisory.

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. (CVE-2020-8492)

A use-after-free exists in Python through 3.9 via heappushpop in heapq. (CVE-2022-48560)

Affected Packages:

python, python3

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update python to update your system.
Run yum update python3 to update your system.

New Packages:

aarch64:  
    python-2.7.18-1.amzn2.0.1.aarch64  
    python-libs-2.7.18-1.amzn2.0.1.aarch64  
    python-devel-2.7.18-1.amzn2.0.1.aarch64  
    python-tools-2.7.18-1.amzn2.0.1.aarch64  
    tkinter-2.7.18-1.amzn2.0.1.aarch64  
    python-test-2.7.18-1.amzn2.0.1.aarch64  
    python-debug-2.7.18-1.amzn2.0.1.aarch64  
    python-debuginfo-2.7.18-1.amzn2.0.1.aarch64  
    python3-3.7.8-1.amzn2.0.1.aarch64  
    python3-libs-3.7.8-1.amzn2.0.1.aarch64  
    python3-devel-3.7.8-1.amzn2.0.1.aarch64  
    python3-tools-3.7.8-1.amzn2.0.1.aarch64  
    python3-tkinter-3.7.8-1.amzn2.0.1.aarch64  
    python3-test-3.7.8-1.amzn2.0.1.aarch64  
    python3-debug-3.7.8-1.amzn2.0.1.aarch64  
    python3-debuginfo-3.7.8-1.amzn2.0.1.aarch64  
  
i686:  
    python-2.7.18-1.amzn2.0.1.i686  
    python-libs-2.7.18-1.amzn2.0.1.i686  
    python-devel-2.7.18-1.amzn2.0.1.i686  
    python-tools-2.7.18-1.amzn2.0.1.i686  
    tkinter-2.7.18-1.amzn2.0.1.i686  
    python-test-2.7.18-1.amzn2.0.1.i686  
    python-debug-2.7.18-1.amzn2.0.1.i686  
    python-debuginfo-2.7.18-1.amzn2.0.1.i686  
    python3-3.7.8-1.amzn2.0.1.i686  
    python3-libs-3.7.8-1.amzn2.0.1.i686  
    python3-devel-3.7.8-1.amzn2.0.1.i686  
    python3-tools-3.7.8-1.amzn2.0.1.i686  
    python3-tkinter-3.7.8-1.amzn2.0.1.i686  
    python3-test-3.7.8-1.amzn2.0.1.i686  
    python3-debug-3.7.8-1.amzn2.0.1.i686  
    python3-debuginfo-3.7.8-1.amzn2.0.1.i686  
  
src:  
    python-2.7.18-1.amzn2.0.1.src  
    python3-3.7.8-1.amzn2.0.1.src  
  
x86_64:  
    python-2.7.18-1.amzn2.0.1.x86_64  
    python-libs-2.7.18-1.amzn2.0.1.x86_64  
    python-devel-2.7.18-1.amzn2.0.1.x86_64  
    python-tools-2.7.18-1.amzn2.0.1.x86_64  
    tkinter-2.7.18-1.amzn2.0.1.x86_64  
    python-test-2.7.18-1.amzn2.0.1.x86_64  
    python-debug-2.7.18-1.amzn2.0.1.x86_64  
    python-debuginfo-2.7.18-1.amzn2.0.1.x86_64  
    python3-3.7.8-1.amzn2.0.1.x86_64  
    python3-libs-3.7.8-1.amzn2.0.1.x86_64  
    python3-devel-3.7.8-1.amzn2.0.1.x86_64  
    python3-tools-3.7.8-1.amzn2.0.1.x86_64  
    python3-tkinter-3.7.8-1.amzn2.0.1.x86_64  
    python3-test-3.7.8-1.amzn2.0.1.x86_64  
    python3-debug-3.7.8-1.amzn2.0.1.x86_64  
    python3-debuginfo-3.7.8-1.amzn2.0.1.x86_64

Additional References

Red Hat: CVE-2020-8492, CVE-2022-48560

Mitre: CVE-2020-8492, CVE-2022-48560

OSVersionArchitecturePackageVersionFilename
Amazon Linux2aarch64python< 2.7.18-1.amzn2.0.1python-2.7.18-1.amzn2.0.1.aarch64.rpm
Amazon Linux2aarch64python-libs< 2.7.18-1.amzn2.0.1python-libs-2.7.18-1.amzn2.0.1.aarch64.rpm
Amazon Linux2aarch64python-devel< 2.7.18-1.amzn2.0.1python-devel-2.7.18-1.amzn2.0.1.aarch64.rpm
Amazon Linux2aarch64python-tools< 2.7.18-1.amzn2.0.1python-tools-2.7.18-1.amzn2.0.1.aarch64.rpm
Amazon Linux2aarch64tkinter< 2.7.18-1.amzn2.0.1tkinter-2.7.18-1.amzn2.0.1.aarch64.rpm
Amazon Linux2aarch64python-test< 2.7.18-1.amzn2.0.1python-test-2.7.18-1.amzn2.0.1.aarch64.rpm
Amazon Linux2aarch64python-debug< 2.7.18-1.amzn2.0.1python-debug-2.7.18-1.amzn2.0.1.aarch64.rpm
Amazon Linux2aarch64python-debuginfo< 2.7.18-1.amzn2.0.1python-debuginfo-2.7.18-1.amzn2.0.1.aarch64.rpm
Amazon Linux2aarch64python3< 3.7.8-1.amzn2.0.1python3-3.7.8-1.amzn2.0.1.aarch64.rpm
Amazon Linux2aarch64python3-libs< 3.7.8-1.amzn2.0.1python3-libs-3.7.8-1.amzn2.0.1.aarch64.rpm
Rows per page:
1-10 of 481

Related

nessus 77
fedora 6
osv 17
prion 2
cve 2
ubuntucve 2
veracode 2
f5 1
ubuntu 6
debiancve 2
cloudlinux 3
ibm 9
redhatcve 2
openvas 19
amazon 4
freebsd 4
gentoo 1
alpinelinux 1
almalinux 3
oraclelinux 4
redhat 8
suse 3
centos 1
cloudfoundry 1
debian 4
rocky 1
photon 11
mageia 1
archlinux 1
kitploit 1
nessus
nessus
Amazon Linux 2 : python, python3 (ALAS-2020-1471)
2020-08-06 00:00:00
Fedora 38 : python2.7 (2023-34a3a5adba)
2023-12-07 00:00:00
Ubuntu 16.04 ESM : Python vulnerability (USN-6394-1)
2023-09-21 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: python2.7-2.7.18-36.fc39
2023-12-08 01:39:50
[SECURITY] Fedora 38 Update: python2.7-2.7.18-36.fc38
2023-12-08 01:42:32
[SECURITY] Fedora 31 Update: python38-3.8.3-1.fc31
2020-05-29 02:27:10
osv
osv
python2.7 vulnerability
2023-10-17 11:27:21
BIT-python-2022-48560
2024-03-06 11:04:43
Use-after-free in heappushpop() of heapq module
2023-08-22 00:00:00
prion
prion
Design/Logic Flaw
2023-08-22 19:16:00
Code injection
2020-01-30 19:15:00
cve
cve
CVE-2022-48560
2023-08-22 19:16:00
CVE-2020-8492
2020-01-30 19:15:00
ubuntucve
ubuntucve
CVE-2022-48560
2023-08-22 00:00:00
CVE-2020-8492
2020-01-30 00:00:00
veracode
veracode
Denial Of Service (DoS)
2023-10-09 01:43:02
Denial Of Service (DoS)
2020-08-06 21:33:11
f5
f5
K000138629 : Python vulnerability CVE-2022-48560
2024-02-15 00:00:00
ubuntu
ubuntu
Python vulnerability
2023-09-21 00:00:00
Python vulnerability
2023-10-17 00:00:00
Python vulnerabilities
2020-04-21 00:00:00
debiancve
debiancve
CVE-2022-48560
2023-08-22 19:16:00
CVE-2020-8492
2020-01-30 19:15:00
cloudlinux
cloudlinux
python: Fix of CVE-2022-48560
2023-10-23 22:53:27
Fix of CVE: CVE-2020-26116, CVE-2020-8492, CVE-2018-20852, CVE-2020-27619
2021-10-05 14:07:59
Fix of CVE: CVE-2018-20852, CVE-2020-8492, CVE-2020-26116, CVE-2020-27619
2021-09-23 12:55:16
ibm
ibm
Security Bulletin: Vulnerability in Python affects IBM Process Mining . CVE-2022-48560
2023-10-09 10:56:35
Security Bulletin: Vulnerability in Open Source Python affect IBM Tivoli Application Dependency Discovery Manager (CVE-2020-8492)
2021-04-27 20:49:26
Security Bulletin: Streams service for IBM Cloud Pak for Data might be affected by some underlying Python vulnerabilities
2021-06-16 19:01:03
redhatcve
redhatcve
CVE-2022-48560
2023-11-15 17:46:26
CVE-2020-8492
2020-03-02 11:41:02
openvas
openvas
Fedora: Security Advisory for python3 (FEDORA-2020-98e0f0f11b)
2020-05-29 00:00:00
Huawei EulerOS: Security Advisory for python (EulerOS-SA-2020-1321)
2020-03-24 00:00:00
Fedora: Security Advisory for python38 (FEDORA-2020-6a88dad4a0)
2020-05-29 00:00:00
amazon
amazon
Medium: python, python3
2020-07-31 19:22:00
Medium: python26
2020-07-27 23:54:00
Medium: python27, python34, python35, python36
2020-07-27 23:54:00
freebsd
freebsd
Python -- Regular Expression DoS attack against client
2019-11-17 00:00:00
tauthon -- Regular Expression Denial of Service
2020-01-30 00:00:00
Python -- multiple vulnerabilities
2019-10-24 00:00:00
gentoo
gentoo
Python: Denial of service
2020-05-14 00:00:00
alpinelinux
alpinelinux
CVE-2020-8492
2020-01-30 19:15:00
almalinux
almalinux
Moderate: python3 security update
2024-01-10 00:00:00
Moderate: python3 security and bug fix update
2020-11-03 12:04:08
Moderate: python38:3.8 security, bug fix, and enhancement update
2020-11-03 12:23:02
oraclelinux
oraclelinux
python3 security update
2024-01-10 00:00:00
python3 security update
2020-10-06 00:00:00
python3 security and bug fix update
2020-11-10 00:00:00
redhat
redhat
(RHSA-2024:0114) Moderate: python3 security update
2024-01-10 09:25:45
(RHSA-2020:3888) Moderate: python3 security update
2020-09-29 07:40:56
(RHSA-2024:0586) Moderate: python3 security update
2024-01-30 12:53:25
suse
suse
Security update for python3 (moderate)
2020-03-01 00:00:00
Security update for python3 (important)
2020-12-26 00:00:00
Security update for python3 (important)
2020-12-26 00:00:00
centos
centos
python3 security update
2020-10-20 18:48:39
cloudfoundry
cloudfoundry
USN-4333-1: Python vulnerabilities | Cloud Foundry
2020-05-14 00:00:00
debian
debian
[SECURITY] [DLA 3614-1] python3.7 security update
2023-10-11 19:33:59
[SECURITY] [DLA 3575-1] python2.7 security update
2023-09-20 19:13:38
[SECURITY] [DLA 3432-1] python2.7 security update
2023-05-24 17:31:47
rocky
rocky
python38:3.8 security, bug fix, and enhancement update
2020-11-03 12:23:02
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0304
2020-06-26 00:00:00
Important Photon OS Security Update - PHSA-2020-0304
2020-06-27 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0646
2023-09-09 00:00:00
mageia
mageia
Updated python and python3 packages fix security vulnerabilities
2020-12-08 13:40:32
archlinux
archlinux
[ASA-202103-27] python2: multiple issues
2021-03-25 00:00:00
kitploit
kitploit
Regexploit - Find Regular Expressions Which Are Vulnerable To ReDoS (Regular Expression Denial Of Service)
2021-07-20 12:30:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.008 Low

EPSS

Percentile

81.8%

JSON
Related for ALAS-2020-1471
nessus77fedora6osv17prion2cve2ubuntucve2veracode2f51ubuntu6debiancve2cloudlinux3ibm9redhatcve2openvas19amazon4freebsd4gentoo1alpinelinux1almalinux3oraclelinux4redhat8suse3centos1cloudfoundry1debian4rocky1photon11mageia1archlinux1kitploit1