Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.

References

github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200

github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be

github.com/pypa/setuptools/compare/v65.5.0...v65.5.1

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H/

pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/

pyup.io/vulnerabilities/CVE-2022-40897/52495/

security.netapp.com/advisory/ntap-20230214-0001/

osv 12

nessus 60

redhat 35

almalinux 4

oraclelinux 5

ibm 24

amazon 2

openvas 25

github 1

redhatcve 1

freebsd 3

veracode 1

rocky 3

fedora 2

nvd 1

cve 1

mageia 1

gentoo 1

ubuntu 1

debiancve 1

cloudfoundry 1

redos 1

prion 1

cbl_mariner 1

ubuntucve 1

photon 2

oracle 2

osv

pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)

2022-12-23 00:30:23

Moderate: python-setuptools security update

2023-02-28 00:00:00

PYSEC-2022-43012

2022-12-23 00:15:00

nessus

SUSE SLES15 / openSUSE 15 Security Update : python39-setuptools (SUSE-SU-2023:0202-1)

2023-01-28 00:00:00

SUSE SLES15 Security Update : python-setuptools (SUSE-SU-2023:0223-1)

2023-02-02 00:00:00

EulerOS 2.0 SP9 : python-setuptools (EulerOS-SA-2023-1482)

2023-03-08 00:00:00

redhat

(RHSA-2023:0835) Moderate: python-setuptools security update

2023-02-21 08:46:22

(RHSA-2023:0952) Moderate: python-setuptools security update

2023-02-28 07:52:59

(RHSA-2023:7395) Moderate: python-setuptools security update

2023-11-21 09:47:07

almalinux

Moderate: python-setuptools security update

2023-02-21 00:00:00

Moderate: python-setuptools security update

2023-02-28 00:00:00

Moderate: python39:3.9 and python39-devel:3.9 security update

2024-05-22 00:00:00

oraclelinux

python-setuptools security update

2023-02-22 00:00:00

python3-setuptools security update

2023-05-23 00:00:00

python-setuptools security update

2023-02-28 00:00:00

ibm

Security Bulletin: A vulnerability in Pypa Setuptools may affect IBM Robotic Process Automation for Cloud Pak and result in a denial of service (CVE-2022-40897)

2023-06-20 14:27:06

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service due to [CVE-2022-40897]

2023-07-25 13:39:30

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to denial of service in Pypa Setuptools (CVE-2022-40897)

2023-02-24 19:32:12

amazon

Medium: python-setuptools

2023-08-03 18:10:00

Medium: python2-setuptools

2023-03-02 22:35:00

openvas

openSUSE: Security Advisory for python39 (SUSE-SU-2023:0202-1)

2024-03-04 00:00:00

Huawei EulerOS: Security Advisory for python-setuptools (EulerOS-SA-2023-1909)

2023-05-16 00:00:00

Huawei EulerOS: Security Advisory for python-setuptools (EulerOS-SA-2023-1648)

2023-04-27 00:00:00

github

pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)

2022-12-23 00:30:23

redhatcve

CVE-2022-40897

2023-01-05 18:35:06

freebsd

py39-setuptools58 -- denial of service vulnerability

2022-12-23 00:00:00

py39-setuptools -- denial of service vulnerability

2022-12-23 00:00:00

py27-setuptools44 -- denial of service vulnerability

2022-12-23 00:00:00

veracode

Regular Expression Denial Of Service (ReDoS)

2022-12-23 08:31:40

rocky

python-setuptools security update

2023-02-22 01:08:44

python-setuptools security update

2023-04-06 15:53:31

python39:3.9 and python39-devel:3.9 security update

2024-06-14 13:59:30

fedora

[SECURITY] Fedora 36 Update: python-setuptools-59.6.0-4.fc36

2023-04-30 01:24:06

[SECURITY] Fedora 37 Update: python-setuptools-62.6.0-3.fc37

2023-05-01 01:29:09

nvd

CVE-2022-40897

2022-12-23 00:15:13

cve

CVE-2022-40897

2022-12-23 00:15:13

mageia

Updated python-setuptools packages fix security vulnerability

2023-07-07 08:54:45

gentoo

Setuptools: Denial of Service

2024-05-05 00:00:00

ubuntu

Setuptools vulnerability

2023-01-23 00:00:00

debiancve

CVE-2022-40897

2022-12-23 00:15:13

cloudfoundry

USN-5817-1: Setuptools vulnerability | Cloud Foundry

2023-02-24 00:00:00

redos

ROS-20230428-05

2023-04-28 00:00:00

prion

Denial of service

2022-12-23 00:15:00

cbl_mariner

CVE-2022-40897 affecting package python-setuptools 40.2.0-6

2023-01-12 20:54:53

ubuntucve

CVE-2022-40897

2022-12-23 00:00:00

photon

Important Photon OS Security Update - PHSA-2023-3.0-0538

2023-02-26 00:00:00

Critical Photon OS Security Update - PHSA-2023-4.0-0427

2023-07-14 00:00:00

oracle

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.2 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.5%

JSON

Related for CVELIST:CVE-2022-40897