** DISPUTED ** The legacy function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) Data is limited in size to the amount that will fit in the buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. It primarily affects servers (such as HTTP servers) that use TLS client authentication. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.Īn issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. Workaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object's headers CVE-2023-45725ĭesign document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document.Īn attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an "update" function.įor the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document. The vulnerabilities are implied based on the software and version. Note: the device may not be impacted by all of these issues.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |