Lucene search
UbuntuUSN-5833-1HistoryJan 31, 2023 - 12:00 a.m.
python-future vulnerability
2023-01-3100:00:00
ubuntu.com
28
python-future
ubuntu
http header
denial of service
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.7 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
74.4%
Releases
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
Packages
- python-future - Clean single-source support for Python 3 and 2
Details
Sebastian Chnelik discovered that python-future incorrectly handled
certain HTTP header field. An attacker could possibly use this issue
to cause a denial of service.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 22.10 | noarch | python3-future | < 0.18.2-6ubuntu0.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | python-future-doc | < 0.18.2-6ubuntu0.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | python3-future | < 0.18.2-5ubuntu0.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | python-future-doc | < 0.18.2-5ubuntu0.1 | UNKNOWN |
| Ubuntu | 20.04 | noarch | python3-future | < 0.18.2-2ubuntu0.1 | UNKNOWN |
| Ubuntu | 20.04 | noarch | python-future-doc | < 0.18.2-2ubuntu0.1 | UNKNOWN |
| Ubuntu | 18.04 | noarch | python3-future | < 0.15.2-4ubuntu2.1 | UNKNOWN |
| Ubuntu | 18.04 | noarch | python-future | < 0.15.2-4ubuntu2.1 | UNKNOWN |
| Ubuntu | 18.04 | noarch | python-future-doc | < 0.15.2-4ubuntu2.1 | UNKNOWN |
| Ubuntu | 16.04 | noarch | python3-future | < 0.15.2-1ubuntu0.1~esm1 | UNKNOWN |
References
Related
cve
cve
CVE-2022-40899
2022-12-23 00:15:14
nessus
nessus
RHEL 7 : future (Unpatched Vulnerability)
2024-06-03 00:00:00
SUSE SLES12 Security Update : python-future (SUSE-SU-2023:0078-1)
2023-01-13 00:00:00
SUSE SLES12 Security Update : python3 (SUSE-SU-2023:0076-1)
2023-01-13 00:00:00
osv
osv
CVE-2022-40899
2022-12-23 00:15:14
PYSEC-2022-42991
2022-12-23 00:15:00
Python Charmers Future denial of service vulnerability
2022-12-23 00:30:23
debiancve
debiancve
CVE-2022-40899
2022-12-23 00:15:14
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:0079-1)
2023-01-12 00:00:00
Ubuntu: Security Advisory (USN-5833-1)
2023-02-01 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:0076-1)
2023-01-12 00:00:00
mageia
mageia
Updated python-future packages fix security vulnerability
2023-02-07 03:06:39
redos
redos
ROS-20230428-01
2023-04-28 00:00:00
prion
prion
Code injection
2022-12-23 00:15:00
redhatcve
redhatcve
CVE-2022-40899
2023-01-31 10:35:44
ubuntucve
ubuntucve
CVE-2022-40899
2022-12-23 00:00:00
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Python Charmers Future (CVE-2022-40899)
2023-03-31 17:20:29
Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities
2023-06-20 04:41:00
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
2023-07-03 18:48:48
nvd
nvd
CVE-2022-40899
2022-12-23 00:15:14
github
github
Python Charmers Future denial of service vulnerability
2022-12-23 00:30:23
cvelist
cvelist
CVE-2022-40899
2022-12-22 00:00:00
redhat
redhat
rocky
rocky
Satellite 6.14 security and bug fix update
2023-11-11 22:58:57
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.7 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
74.4%
Related for USN-5833-1