gh-97514: On Linux the multiprocessing module returns to using filesystem backed unix domain sockets for communication with the forkserver process instead of the Linux abstract socket namespace.

gh-98433: The IDNA codec decoder used on DNS hostnames by socket or asyncio related name resolution functions no longer involves a quadratic algorithm, which fixes CVE-2022-45061. This prevents a potential CPU denial of service if an out-of-spec excessive length hostname involving bidirectional characters were decoded. Some protocols such as urllib http 3xx redirects potentially allow for an attacker to supply such a name.
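
For interpreters that do not yet carry the gh-98433 fix, a length check on redirect targets before they reach name resolution limits the exposure described above. This is an added example, not CPython's own code: the function names and sample URLs are constructed, the 253 and 63 limits are the standard DNS name and label lengths, and rejecting on the written length of the name is a conservative policy assumed here.

```python
from urllib.parse import urlsplit

MAX_NAME_LEN = 253   # longest DNS name in dotted text form
MAX_LABEL_LEN = 63   # longest single DNS label


def host_within_dns_limits(host):
    """Length-only check that runs before any IDNA decoding or resolution."""
    if host.endswith("."):          # a single trailing root dot is allowed
        host = host[:-1]
    if not host or len(host) > MAX_NAME_LEN:
        return False
    # Every label must be non-empty and within the per-label limit.
    return all(0 < len(label) <= MAX_LABEL_LEN for label in host.split("."))


def redirect_host_or_none(location):
    """Return the host of an absolute redirect target if it passes the
    length check, else None. Relative targets carry no host and also
    return None, so the caller handles them separately."""
    try:
        host = urlsplit(location).hostname
    except ValueError:              # malformed netloc, e.g. a bad IPv6 literal
        return None
    if host is None or not host_within_dns_limits(host):
        return None
    return host


if __name__ == "__main__":
    # Constructed Location header values, for illustration only.
    samples = [
        "https://b\u00fccher.example/katalog",       # short IDN: accepted
        "https://" + "a" * 64 + ".example/",         # one label over 63: rejected
        "https://" + "ab." * 100 + "example/",       # name over 253: rejected
    ]
    for location in samples:
        host = redirect_host_or_none(location)
        print("accept" if host else "reject", location[:40])
```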