rpm package
suse/python-hyperlink&distro=SUSE Linux Enterprise Server 15 SP3-LTSS
pkg:rpm/suse/python-hyperlink&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-3171 | — | | | < 17.2.1-150000.3.4.1 | 17.2.1-150000.3.4.1 | Oct 12, 2022 | A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be |
| CVE-2022-1941 | — | | | < 17.2.1-150000.3.4.1 | 17.2.1-150000.3.4.1 | Sep 22, 2022 | A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can |
| CVE-2021-22570 | — | | | < 17.2.1-150000.3.4.1 | 17.2.1-150000.3.4.1 | Jan 26, 2022 | Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend |
| CVE-2021-22569 | — | | | < 17.2.1-150000.3.4.1 | 17.2.1-150000.3.4.1 | Jan 7, 2022 | An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause fre |
| CVE-2020-36242 | — | | | < 17.2.1-150000.3.4.1 | 17.2.1-150000.3.4.1 | Feb 7, 2021 | In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. |
| CVE-2020-25659 | — | | | < 17.2.1-150000.3.4.1 | 17.2.1-150000.3.4.1 | Jan 11, 2021 | python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. |
| CVE-2018-1000518 | — | | | < 17.2.1-150000.3.4.1 | 17.2.1-150000.3.4.1 | Jun 26, 2018 | aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appear to be ex |