FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py39-py -- Regular expression Denial of Service vulnerability

Affected packages
py39-py <= 1.11.0

Details

VuXML ID 28a37df6-ba1a-4eed-bb64-623fc8e8dfd0
Discovery 2022-11-04
Entry 2023-04-09

SCH227 reports:

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled.

References

CVE Name CVE-2022-42969
URL https://osv.dev/vulnerability/GHSA-w596-4wvx-j9j6
URL https://osv.dev/vulnerability/PYSEC-2022-42969