PT-2022-6750 · Python+12

Guidovranken · Published 2022-09-09 · Updated 2026-05-18 · CVE-2022-45061

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Python versions prior to 3.11.1
Python versions prior to 3.10.9
Python versions prior to 3.9.16
Python versions prior to 3.8.16
Python versions prior to 3.7.16

Description

An issue exists in the IDNA (RFC 3490) decoder, where an unnecessary quadratic algorithm can lead to a CPU denial of service when processing crafted, unreasonably long names. This could be triggered by a malicious actor supplying a hostname that causes excessive CPU consumption on the client. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302.

Recommendations

For versions prior to 3.11.1, update to version 3.11.1 or later.
For versions prior to 3.10.9, update to version 3.10.9 or later.
For versions prior to 3.9.16, update to version 3.9.16 or later.
For versions prior to 3.8.16, update to version 3.8.16 or later.
For versions prior to 3.7.16, update to version 3.7.16 or later.

Exploit

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALSA-2023:0833
ALSA-2023:0953
ALSA-2023:2763
ALSA-2023:2764
ALSA-2023:2860
ALT-PU-2023-1518
ALT-PU-2023-2014
ALT-PU-2024-2598
ALT-PU-2024-3474
AZL-11439
BDU:2023-03855
BIT-LIBPYTHON-2022-45061
BIT-PYTHON-2022-45061
BIT-PYTHON-MIN-2022-45061
CESA-2023_0833
CESA-2023_2763
CESA-2023_2764
CESA-2023_2860
CLEANSTART-2026-BM51903
CLEANSTART-2026-SY44974
CVE-2022-45061
DLA-3432-1
DLA-3477-1
DLA-3966-1
DLA-3980-1
MGASA-2024-0084
OESA-2022-2102
OPENSUSE-SU-2022_4004-1
OPENSUSE-SU-2022_4071-1
OPENSUSE-SU-2024:12495-1
OPENSUSE-SU-2024:12500-1
OPENSUSE-SU-2024:12501-1
OPENSUSE-SU-2024:12502-1
OPENSUSE-SU-2024:12503-1
OPENSUSE-SU-2024:12910-1
OPENSUSE-SU-2024:14109-1
OPENSUSE-SU-2024:14434-1
OPENSUSE-SU-2025:15713-1
PSF-2022-10
RHSA-2023:0833
RHSA-2023:0953
RHSA-2023:2763
RHSA-2023:2764
RHSA-2023:2860
RHSA-2023:6793
RHSA-2023_0833
RHSA-2023_0953
RHSA-2023_2763
RHSA-2023_2764
RHSA-2023_2860
RHSA-2024:0430
RLSA-2023:0833
RLSA-2023:0953
ROSA-SA-2025-2646
ROSA-SA-2025-2676
SUSE-SU-2022:4004-1
SUSE-SU-2022:4071-1
SUSE-SU-2022:4251-1
SUSE-SU-2022:4258-1
SUSE-SU-2022:4275-1
SUSE-SU-2022_4258-1
SUSE-SU-2022_4275-1
SUSE-SU-2023:0213-1
SUSE-SU-2023:0549-1
SUSE-SU-2023:0616-1
SUSE-SU-2023:0707-1
SUSE-SU-2023:0724-1
SUSE-SU-2023:0748-1
SUSE-SU-2023_0213-1
SUSE-SU-2023_0549-1
SUSE-SU-2023_0616-1
SUSE-SU-2023_0724-1
USN-5767-1
USN-5767-2
USN-5888-1
USN-6891-1
USN-7212-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
IBM AIX
Linux Mint
Python
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu