Oval Definition:oval:org.opensuse.security:def:20207212
Revision Date:2022-08-07Version:1
Title:CVE-2020-7212
Description:

The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. The percent_encodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length N, the size of percent_encodings may be up to O(N). The next step (normalize existing percent-encoded bytes) also takes up to O(N) for each step, so the total time is O(N^2). If percent_encodings were deduplicated, the time to compute _encode_invalid_chars would be O(kN), where k is at most 484 ((10+6*2)^2).
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2020-7212
SUSE CVE-2020-7212
Platform(s):SUSE Linux Enterprise Desktop 15
SUSE Linux Enterprise Desktop 15 SP1
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise High Performance Computing 15 SP1
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Module for Basesystem 15
SUSE Linux Enterprise Module for Basesystem 15 SP1
SUSE Linux Enterprise Module for Python 2 15 SP1
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Retail Branch Server 4.0
SUSE Manager Server 4.0
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed
  • OR SUSE Linux Enterprise Module for Python 2 15 SP1 is installed
  • AND python-urllib3 is not affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Module for Basesystem 15 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed
  • OR SUSE Linux Enterprise Module for Python 2 15 SP1 is installed
  • AND python-urllib3 is not affected
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND python-urllib3 is not affected
    • Definition Synopsis
  • Release Information
  • SUSE OpenStack Cloud 8 is installed
  • OR SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • python-urllib3 is not affected
  • OR python3-urllib3 is not affected
    • Definition Synopsis
  • Release Information
  • SUSE OpenStack Cloud 9 is installed
  • OR SUSE OpenStack Cloud Crowbar 9 is installed
  • AND Package Information
  • python-urllib3 is not affected
  • OR python3-urllib3 is not affected
    • Definition Synopsis
  • SUSE Linux Enterprise Micro 5.1 is installed
  • AND python3-urllib3 is not affected
    • BACK