Vulnerability Name: CVE-2020-29651 (CCN-192827)

Assigned: 2020-09-03
Published: 2020-09-03
Updated: 2022-10-12
Summary: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.
CVSS v3 Severity:
  7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
  6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:R)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): None
    Availability (A): High

  7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
  6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:R)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): None
    Availability (A): High

CVSS v2 Severity:
  5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): None
    Availability (A): Partial

  7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): None
    Availability (A): Complete

Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2020-29651

Source: XF
Type: UNKNOWN
py-cve202029651-dos(192827)

Source: CCN
Type: py GIT Repository
Vulnerable Regular Expression in svnwc.py #256

Source: MISC
Type: Third Party Advisory
https://github.com/pytest-dev/py/issues/256

Source: MISC
Type: Third Party Advisory
https://github.com/pytest-dev/py/pull/257

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/pytest-dev/py/pull/257/commits/4a9017dc6199d2a564b6e4b0aa39d6d8870e4144

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-db0eb54982

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-8371993b6b

Source: CCN
Type: Python Web site
py

Source: CCN
Type: IBM Security Bulletin 6575667 (Spectrum Discover)
High severity vulnerabilities in libraries used by IBM Spectrum Discover (libraries of libraries)

Source: CCN
Type: IBM Security Bulletin 6618759 (Security QRadar Network Threat Analytics)
IBM Security QRadar Network Threat Analytics uses component Python Py with denial of service vulnerability (CVE-2020-29651)

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:pytest:py:*:*:*:*:*:*:*:* (Version <= 1.9.0)

Configuration 2:
  • cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:7779 | P | python3-py-1.10.0-150100.5.12.1 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:7656 | P | libqpdf26-9.0.2-150200.3.3.1 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:7674 | P | libspice-client-glib-2_0-8-0.41-150500.1.4 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:714 | P | Security update for open-vm-tools (Important) | 2022-08-29
oval:org.opensuse.security:def:118382 | P | Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins (Moderate) | 2022-08-17
oval:org.opensuse.security:def:698 | P | Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins (Moderate) | 2022-08-17
oval:org.opensuse.security:def:3636 | P | Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins (Moderate) (in QA) | 2022-07-12
oval:org.opensuse.security:def:95266 | P | Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins (Moderate) (in QA) | 2022-07-12
oval:org.opensuse.security:def:95259 | P | Security update for python3 (Important) | 2022-07-11
oval:org.opensuse.security:def:3701 | P | libvpx1-1.3.0-3.3.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3743 | P | perl-32bit-5.18.2-12.20.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3176 | P | libgcrypt20-1.6.1-16.68.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3429 | P | apache-commons-httpclient-3.1-4.364 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3751 | P | perl-XML-LibXML-2.0019-6.3.5 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3615 | P | libjpeg-turbo-1.5.3-31.14.2 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:94806 | P | python3-py-1.8.1-5.6.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:94541 | P | dstat-0.7.3-2.16 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:42318 | P | Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins (Moderate) (in QA) | 2022-05-24
oval:org.opensuse.security:def:95331 | P | Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins (Moderate) (in QA) | 2022-05-24
oval:org.opensuse.security:def:42413 | P | Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins (Moderate) (in QA) | 2022-05-24
oval:org.opensuse.security:def:95373 | P | Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins (Moderate) (in QA) | 2022-05-24
oval:org.opensuse.security:def:95381 | P | Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins (Moderate) (in QA) | 2022-05-24
oval:org.opensuse.security:def:101972 | P | Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP3) (Important) | 2022-04-24
oval:org.opensuse.security:def:6030 | P | Security update for clamav (Important) | 2022-01-24
oval:org.opensuse.security:def:113282 | P | python36-py-1.10.0-1.5 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:113053 | P | oci-cli-3.0.2-1.2 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:106493 | P | oci-cli-3.0.2-1.2 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:106694 | P | python36-py-1.10.0-1.5 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:97012 | P | libecpg6-10.6-6.25 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:97031 | P | python3-pywbem-0.11.0-2.21 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:101254 | P | build-20210120-3.6.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:84184 | P | Security update for ardana-cobbler, cassandra, cassandra-kit, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, kibana, openstack-heat-templates, openstack-monasca-installer, openstack-nova, python-Django, python-elementpath, python-eventlet, python-py, python-pysaml2, python-six, python-xmlschema (Moderate) | 2021-07-28
oval:org.opensuse.security:def:84643 | P | Security update for ardana-cobbler, cassandra, cassandra-kit, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, kibana, openstack-heat-templates, openstack-monasca-installer, openstack-nova, python-Django, python-elementpath, python-eventlet, python-py, python-pysaml2, python-six, python-xmlschema (Moderate) | 2021-07-28
oval:org.opensuse.security:def:111566 | P | Security update for python-py (Moderate) | 2021-07-11
oval:org.opensuse.security:def:34480 | P | Security update for python-py (Moderate) | 2021-07-02
oval:org.opensuse.security:def:60303 | P | Security update for python-py (Moderate) | 2021-07-02
oval:org.opensuse.security:def:81088 | P | Security update for python-py (Moderate) | 2021-07-02
oval:org.opensuse.security:def:88454 | P | Security update for ardana-neutron, ardana-swift, cassandra, crowbar-openstack, grafana, kibana, openstack-dashboard, openstack-ironic, openstack-neutron, openstack-neutron-gbp, openstack-nova, python-Django1, python-py, python-pysaml2, python-xmlschema, rubygem-activerecord-session_store, venv-openstack-keystone (Moderate) | 2021-06-11
oval:org.opensuse.security:def:81082 | P | Security update for crowbar-openstack, grafana, kibana, monasca-installer, python-Django, python-py, rubygem-activerecord-session_store (Moderate) | 2021-06-11
oval:org.opensuse.security:def:88141 | P | Security update for ardana-neutron, ardana-swift, cassandra, crowbar-openstack, grafana, kibana, openstack-dashboard, openstack-ironic, openstack-neutron, openstack-neutron-gbp, openstack-nova, python-Django1, python-py, python-pysaml2, python-xmlschema, rubygem-activerecord-session_store, venv-openstack-keystone (Moderate) | 2021-06-11
oval:org.opensuse.security:def:111425 | P | Security update for python-py (Moderate) | 2021-06-07
oval:org.opensuse.security:def:100289 | P | (Moderate) | 2021-06-04
oval:org.opensuse.security:def:117435 | P | Security update for python-py (Moderate) | 2021-06-04
oval:org.opensuse.security:def:94169 | P | (Moderate) | 2021-06-04
oval:org.opensuse.security:def:64518 | P | Security update for python-py (Moderate) | 2021-06-04
oval:org.opensuse.security:def:73640 | P | Security update for python-py (Moderate) | 2021-06-04
oval:org.opensuse.security:def:1568 | P | Security update for python-py (Moderate) | 2021-06-04
oval:org.opensuse.security:def:99107 | P | (Moderate) | 2021-06-04
oval:org.opensuse.security:def:68745 | P | Security update for python-py (Moderate) | 2021-06-04
oval:org.opensuse.security:def:93566 | P | (Moderate) | 2021-06-04
oval:org.opensuse.security:def:76525 | P | Security update for python-py (Moderate) | 2021-06-04
oval:org.opensuse.security:def:100618 | P | (Moderate) | 2021-06-04
oval:org.opensuse.security:def:107920 | P | Security update for python-py (Moderate) | 2021-06-04
oval:org.opensuse.security:def:95935 | P | Security update for python-py (Moderate) | 2021-06-04
oval:org.opensuse.security:def:94381 | P | (Moderate) | 2021-06-04
oval:org.opensuse.security:def:64704 | P | Security update for python-py (Moderate) | 2021-06-04
oval:org.opensuse.security:def:73826 | P | Security update for python-py (Moderate) | 2021-06-04
oval:org.opensuse.security:def:99642 | P | (Moderate) | 2021-06-04
oval:org.opensuse.security:def:68763 | P | Security update for python-py (Moderate) | 2021-06-04
oval:org.opensuse.security:def:93743 | P | (Moderate) | 2021-06-04
oval:org.opensuse.security:def:76543 | P | Security update for python-py (Moderate) | 2021-06-04
oval:org.opensuse.security:def:101445 | P | Security update for python-py (Moderate) | 2021-06-04
oval:org.opensuse.security:def:118405 | P | Security update for python-py (Moderate) | 2021-06-04
oval:org.opensuse.security:def:93252 | P | (Moderate) | 2021-06-04
oval:org.opensuse.security:def:99954 | P | (Moderate) | 2021-06-04
oval:org.opensuse.security:def:93958 | P | (Moderate) | 2021-06-04
oval:org.opensuse.security:def:42082 | P | Security update for python-py (Moderate) | 2021-06-04
oval:org.opensuse.security:def:109314 | P | Security update for python-py (Moderate) | 2021-06-04
oval:org.opensuse.security:def:102648 | P | Security update for python-py (Moderate) | 2021-06-04
oval:org.opensuse.security:def:93409 | P | (Moderate) | 2021-06-04
oval:org.opensuse.security:def:76187 | P | Security update for python-py (Moderate) | 2021-06-01
oval:org.opensuse.security:def:5711 | P | Security update for python-py (Moderate) | 2021-06-01
oval:org.opensuse.security:def:108638 | P | Security update for python-py (Moderate) | 2021-06-01
oval:org.opensuse.security:def:66800 | P | Security update for python-py (Moderate) | 2021-06-01
oval:org.opensuse.security:def:75868 | P | Security update for python-py (Moderate) | 2021-06-01
oval:org.opensuse.security:def:67119 | P | Security update for python-py (Moderate) | 2021-06-01