CVE-2020-8492
| CVE ID | CVE-2020-8492 |
|---|---|
| CVSS Score | 6.5 |
| Operating System | |
| Affected Versions | |
| Patched Versions | |
| Patch Date | |
| Last Updated Date | |
| Vector String | |
Additional Information
OL CVE Issue Summary:
The issue involves incorrect backtracking in Python's urllib.request.AbstractBasicAuthHandler, which allows a Regular Expression Denial-of-Service (ReDoS) attack. A regex with nested quantifiers in http_error_auth_reqed() fails to efficiently handle maliciously long sequences of commas in the WWW-Authenticate header. When a server sends a crafted WWW-Authenticate header filled with excessive commas, the regex triggers catastrophic backtracking, causing the client to hang or crash.
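A client-side way to read a WWW-Authenticate value without nested quantifiers, shown as an added example (not code from this advisory or from CPython). The names `parse_challenges`, `basic_realm` and `MAX_CHALLENGE_LEN`, the 8192-character cap, and the pattern itself are assumptions of this example. Each match is anchored at the start of the header or at a comma, so a run of commas is scanned once instead of being re-partitioned on every failed attempt.

```python
import re

# Assumed cap for this example; legitimate challenges are far shorter.
MAX_CHALLENGE_LEN = 8192

# Every match starts at the beginning of the header or directly after a
# comma, and no quantified group wraps another quantifier.
_CHALLENGE = re.compile(
    r'(?:^|,)'                     # start of header or challenge separator
    r'[ \t]*'                      # optional whitespace
    r'([^ \t,]+)'                  # auth scheme, e.g. "Basic"
    r'[ \t]+'                      # mandatory whitespace
    r'realm=(["\']?)([^"\']*)\2',  # realm=x, realm='x' or realm="x"
    re.I,
)


def parse_challenges(header):
    """Return [(scheme, realm), ...] found in a WWW-Authenticate value."""
    if len(header) > MAX_CHALLENGE_LEN:
        raise ValueError(
            "WWW-Authenticate header longer than %d characters" % MAX_CHALLENGE_LEN
        )
    return [(m.group(1), m.group(3)) for m in _CHALLENGE.finditer(header)]


def basic_realm(header):
    """Return the realm of the first Basic challenge, or None if absent."""
    for scheme, realm in parse_challenges(header):
        if scheme.lower() == "basic":
            return realm
    return None


# Constructed sample inputs, not captured traffic.
SAMPLES = [
    'Basic realm="intranet"',
    'Digest realm="d", Basic realm="files, shared"',
    "," * 4000,                       # comma run inside the cap
    "," * 4000 + ' Basic realm="x"',  # comma run before a real challenge
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample[:40]), "->", basic_realm(sample))
```

The length cap rejects oversized headers before any matching happens, and the anchored pattern keeps matching time proportional to header length for input that passes the cap.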