CVE-2012-0845

Priority
Description
SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x
before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote
attackers to cause a denial of service (infinite loop and CPU consumption)
via an XML-RPC POST request that contains a smaller amount of data than
specified by the Content-Length header.
Assigned-to
jdstrand
Notes
jdstrandreproducer doesn't work on 8.04 LTS python2.4, but the code is
sufficiently similar that we'll patch
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:released (2.6.8)
Patches:
Upstream:http://hg.python.org/cpython/rev/24244a744d01/
Package
Upstream:released (2.7.3)
Patches:
Upstream:http://hg.python.org/cpython/rev/0c02f30b2538/
Package
Upstream:needs-triage
Patches:
Upstream:http://hg.python.org/cpython/rev/4dd5a94fd3e3/
Package
Upstream:released (3.2.3)
Patches:
Upstream:http://hg.python.org/cpython/rev/cd67740ce653/
More Information

Updated: 2019-12-05 20:58:45 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)