CVE-2012-0845

Priority
Description
SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x
before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote
attackers to cause a denial of service (infinite loop and CPU consumption)
via an XML-RPC POST request that contains a smaller amount of data than
specified by the Content-Length header.
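
The failure mode described above, as an added example (not the upstream patch and not code from this page): a simplified chunked request-body reader of the kind an HTTP handler uses. The function names, the chunk size and the `max_iterations` cap are assumptions made for illustration; the cap only exists so the unchecked loop can be shown without hanging.

```python
import io

MAX_CHUNK = 10 * 1024 * 1024  # read large bodies in bounded pieces


def read_body_unchecked(rfile, content_length, max_iterations=1000):
    """Loop that trusts Content-Length. At end of stream read() returns b"",
    so size_remaining never shrinks; max_iterations (an assumption added
    here) stands in for the infinite loop so the demo terminates."""
    size_remaining = content_length
    chunks, iterations = [], 0
    while size_remaining:
        if iterations >= max_iterations:
            return b"".join(chunks), iterations, False  # would spin forever
        chunk = rfile.read(min(size_remaining, MAX_CHUNK))
        chunks.append(chunk)
        size_remaining -= len(chunk)
        iterations += 1
    return b"".join(chunks), iterations, True


def read_body(rfile, content_length):
    """Same loop with an end-of-stream check: an empty read means the peer
    sent less than it declared, so stop and report the body as truncated."""
    if content_length < 0:
        raise ValueError("negative Content-Length")
    size_remaining = content_length
    chunks = []
    while size_remaining:
        chunk = rfile.read(min(size_remaining, MAX_CHUNK))
        if not chunk:
            break
        chunks.append(chunk)
        size_remaining -= len(chunk)
    body = b"".join(chunks)
    return body, len(body) == content_length


if __name__ == "__main__":
    payload = b"<?xml version='1.0'?><methodCall>"  # constructed, truncated
    declared = len(payload) + 100  # header claims more than is sent
    print(read_body_unchecked(io.BytesIO(payload), declared))
    print(read_body(io.BytesIO(payload), declared))
```

A caller of `read_body` should reject the request when the second return value is false rather than hand a truncated body to the XML parser.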
Notes
 jdstrand> reproducer doesn't work on 8.04 LTS python2.4, but the code is
  sufficiently similar that we'll patch
Assigned-to
jdstrand
Package
Upstream: needs-triage
Package
Upstream: needs-triage
Package
Upstream: released (2.6.8)
Patches:
Upstream: http://hg.python.org/cpython/rev/24244a744d01/
Package
Upstream: released (2.7.3)
Patches:
Upstream: http://hg.python.org/cpython/rev/0c02f30b2538/
Package
Upstream: needs-triage
Patches:
Upstream: http://hg.python.org/cpython/rev/4dd5a94fd3e3/
Package
Upstream: released (3.2.3)
Patches:
Upstream: http://hg.python.org/cpython/rev/cd67740ce653/

Updated: 2019-01-14 22:01:47 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)