NVD Vulnerability Detail

CVE-2020-29651

Summary	A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.
Publication Date	Dec. 9, 2020, 4:15 p.m.
Registration Date	Jan. 26, 2021, 11:57 a.m.
Last Update	Nov. 21, 2024, 2:24 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:pytest:py::::::::			1.9.0

Configuration3		or higher	or less	more than	less than
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*

Related information, measures and tools

No	URL	タグ
1	https://github.com/pytest-dev/py/issues/256	Third Party Advisory
2	https://github.com/pytest-dev/py/issues/256	Third Party Advisory
3	https://github.com/pytest-dev/py/pull/257	Third Party Advisory
4	https://github.com/pytest-dev/py/pull/257	Third Party Advisory
5	https://github.com/pytest-dev/py/pull/257/commits/4a9017dc6199d2a564b6e4b0aa39d6d8870e4144	Patch Third Party Advisory
6	https://github.com/pytest-dev/py/pull/257/commits/4a9017dc6199d2a564b6e4b0aa39d6d8870e4144	Patch Third Party Advisory
7	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYWNYEV3FGDHPIHX4DDUDMFZ6NLCQRC4/
8	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYWNYEV3FGDHPIHX4DDUDMFZ6NLCQRC4/
9	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHDTINIBJZ67T3W74QTBIY5LPKAXEOGR/
10	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHDTINIBJZ67T3W74QTBIY5LPKAXEOGR/
11	https://www.oracle.com/security-alerts/cpujul2022.html	Third Party Advisory
12	https://www.oracle.com/security-alerts/cpujul2022.html	Third Party Advisory

Common Vulnerabilities List

JVN Vulnerability Information

py の py.path.svnwc コンポーネントにおける脆弱性

Title	py の py.path.svnwc コンポーネントにおける脆弱性
Summary	py (別名 python-py) の py.path.svnwc コンポーネントには、不特定の脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Sept. 20, 2020, midnight
Registration Date	July 27, 2021, 11:24 a.m.
Last Update	July 27, 2021, 11:24 a.m.

Affected System

pytest

py 1.9.0 まで

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2020-29651	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29651
National Vulnerability Database (NVD)
2	CVE-2020-29651	https://nvd.nist.gov/vuln/detail/CVE-2020-29651

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-Other	https://www.ipa.go.jp/security/vuln/CWE.html#CWEOther

ベンダー情報

No	Name	URL
GitHub
1	svnwc: fix regular expression vulnerable to DoS in blame functionality #257	https://github.com/pytest-dev/py/pull/257
2	svnwc: fix regular expression vulnerable to DoS in blame functionality #257 (commit 4a9017dc6199d2a564b6e4b0aa39d6d8870e4144)	https://github.com/pytest-dev/py/pull/257/commits/4a9017dc6199d2a564b6e4b0aa39d6d8870e4144
3	Vulnerable Regular Expression in svnwc.py #256	https://github.com/pytest-dev/py/issues/256

Change Log

No	Changed Details	Date of change
1	[2021年07月27日] 掲載	July 27, 2021, 11:24 a.m.