CVE-2020-29651

A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
Affected Products (NVD)
VendorProductVersion
pytestpy
𝑥
≤ 1.9.0
oraclezfs_storage_appliance_kit
8.8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pypy
bullseye
unimportant
buster
no-dsa
stretch
postponed
pypy3
bookworm
unimportant
bullseye
unimportant
bullseye (security)
unimportant
buster
no-dsa
sid
unimportant
stretch
postponed
trixie
unimportant
python-py
bookworm
1.11.0-1
fixed
bullseye
1.10.0-1
fixed
buster
no-dsa
sid
1.11.0-2
fixed
stretch
postponed
trixie
1.11.0-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python-py
bionic
Fixed 1.5.2-1ubuntu0.1
released
focal
Fixed 1.8.1-1ubuntu0.1
released
groovy
ignored
hirsute
not-affected
impish
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
dne
xenial
needed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
python36-PyYAML
suse enterprise server 12 SP3
5.3.1-6.5.12
fixed
python36-py
suse enterprise server 12 SP3
1.8.1-6.3.15
fixed
python36-pyOpenSSL
suse enterprise server 12 SP3
17.1.0-6.3.16
fixed
python36-pyasn1
suse enterprise server 12 SP3
0.1.9-6.3.18
fixed
python36-pycparser
suse enterprise server 12 SP3
2.10-6.3.9
fixed
python36-pyparsing
suse enterprise server 12 SP3
2.4.7-6.3.9
fixed
python36-pyparsing-doc
suse enterprise server 12 SP3
2.4.7-6.3.9
fixed
python36-python-dateutil
suse enterprise server 12 SP3
2.7.3-6.3.13
fixed
References
https://github.com/pytest-dev/py/issues/256
https://github.com/pytest-dev/py/pull/257
https://github.com/pytest-dev/py/pull/257/commits/4a9017dc6199d2a564b6e4b0aa39d6d8870e4144
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYWNYEV3FGDHPIHX4DDUDMFZ6NLCQRC4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHDTINIBJZ67T3W74QTBIY5LPKAXEOGR/
https://www.oracle.com/security-alerts/cpujul2022.html
https://github.com/pytest-dev/py/issues/256
https://github.com/pytest-dev/py/pull/257
https://github.com/pytest-dev/py/pull/257/commits/4a9017dc6199d2a564b6e4b0aa39d6d8870e4144
https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYWNYEV3FGDHPIHX4DDUDMFZ6NLCQRC4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHDTINIBJZ67T3W74QTBIY5LPKAXEOGR/
https://www.oracle.com/security-alerts/cpujul2022.html