An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.

References

github.com/pypa/wheel/blob/main/src/wheel/wheelfile.py#L18

pypi.org/project/wheel/

pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/

nessus 28

openvas 22

osv 7

oraclelinux 1

ubuntu 3

ubuntucve 1

almalinux 1

veracode 1

debiancve 1

redhatcve 1

amazon 1

cve 1

ibm 8

prion 1

alpinelinux 1

mageia 1

github 1

nvd 1

redhat 2

cbl_mariner 1

nessus

EulerOS 2.0 SP11 : python-wheel (EulerOS-SA-2023-1767)

2023-05-08 00:00:00

EulerOS 2.0 SP9 : python-wheel (EulerOS-SA-2023-1852)

2023-05-13 00:00:00

EulerOS Virtualization 2.11.0 : python-wheel (EulerOS-SA-2023-2112)

2023-06-07 00:00:00

openvas

Ubuntu: Security Advisory (USN-5821-3)

2023-03-02 00:00:00

SUSE: Security Advisory (SUSE-SU-2023:0088-1)

2023-01-17 00:00:00

Huawei EulerOS: Security Advisory for python-wheel (EulerOS-SA-2023-2112)

2023-06-07 00:00:00

osv

PYSEC-2022-43017

2022-12-23 00:15:00

CVE-2022-40898

2022-12-23 00:15:14

pypa/wheel vulnerable to Regular Expression denial of service (ReDoS)

2022-12-23 00:30:23

oraclelinux

python-wheel security update

2023-11-12 00:00:00

ubuntu

wheel vulnerability

2023-01-24 00:00:00

pip regression

2023-02-28 00:00:00

wheel vulnerability

2023-01-24 00:00:00

ubuntucve

CVE-2022-40898

2022-12-23 00:00:00

almalinux

Moderate: python-wheel security update

2023-11-07 00:00:00

veracode

Regular Expression Denial Of Service (ReDoS)

2022-12-23 06:23:09

debiancve

CVE-2022-40898

2022-12-23 00:15:14

redhatcve

CVE-2022-40898

2023-01-31 10:35:37

amazon

Medium: python-wheel

2023-11-29 22:20:00

cve

CVE-2022-40898

2022-12-23 00:15:14

ibm

Security Bulletin: Python Packaging Authority (PyPA) Wheel is vulnerable to CVE-2022-40898 used in IBM Maximo Application Suite

2023-05-02 17:53:15

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in PyPA Wheel

2023-01-30 18:22:59

Security Bulletin: Vulnerabilities in Pypa Setuptools, Golang Go, OpenSSH, Minio and Certifi may affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift

2023-03-29 15:18:12

prion

Input validation

2022-12-23 00:15:00

alpinelinux

CVE-2022-40898

2022-12-23 00:15:14

mageia

Updated python-wheel packages fix security vulnerability

2023-07-07 08:54:45

github

pypa/wheel vulnerable to Regular Expression denial of service (ReDoS)

2022-12-23 00:30:23

nvd

CVE-2022-40898

2022-12-23 00:15:14

redhat

(RHSA-2023:6712) Moderate: python-wheel security update

2023-11-07 06:12:51

(RHSA-2023:6793) Important: rh-python38-python security update

2023-11-08 08:04:01

cbl_mariner

CVE-2022-40898 affecting package python-wheel 0.33.6-7

2024-06-15 15:13:53

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.2%

JSON

Related for CVELIST:CVE-2022-40898