{"id":"CVE-2022-45061","details":"An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.","aliases":["BIT-libpython-2022-45061","BIT-python-2022-45061","BIT-python-min-2022-45061","PSF-2022-10"],"modified":"2026-04-16T04:39:52.113550869Z","published":"2022-11-09T07:15:09.887Z","related":["ALSA-2023:0833","ALSA-2023:0953","ALSA-2023:2763","ALSA-2023:2764","ALSA-2023:2860","SUSE-SU-2022:4004-1","SUSE-SU-2022:4071-1","SUSE-SU-2022:4251-1","SUSE-SU-2022:4258-1","SUSE-SU-2022:4275-1","SUSE-SU-2023:0213-1","SUSE-SU-2023:0549-1","SUSE-SU-2023:0616-1","SUSE-SU-2023:0707-1","SUSE-SU-2023:0724-1","SUSE-SU-2023:0748-1","openSUSE-SU-2024:12495-1","openSUSE-SU-2024:12500-1","openSUSE-SU-2024:12501-1","openSUSE-SU-2024:12502-1","openSUSE-SU-2024:12503-1","openSUSE-SU-2024:12910-1","openSUSE-SU-2024:14109-1","openSUSE-SU-2024:14434-1","openSUSE-SU-2025:15713-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20221209-0007/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202305-02"},{"type":"FIX","url":"https://github.com/python/cpython/issues/98433"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"last_affected":"9de83ce9704ba065626f483abf6c21b7b829104e"},{"introduced":"fa919fdf2583bdfead1df00e842f24f30b2a34bf"},{"last_affected":"44adf8a80a6e27a394094c99ec0fba8e7124bd7e"},{"introduced":"9cf6752276e6fcfd0c23fdb064ad27f448aaaf75"},{"last_affected":"7e2815419663a2f82abf6c5e1f848fd1de7c8033"},{"introduced":"b494f5935c92951e75597bfe1c8b1f3112fec270"},{"last_affected":"aaaf5174241496afca7ce4d4584570190ff972fe"},{"introduced":"0"},{"last_affected":"deaf509e8fc6e0363bd6f26d52ad42f976ec42f2"},{"introduced":"0"},{"last_affected":"41cb07120b7792eac6413b0c56256a25e9b14e5d"},{"introduced":"0"},{"last_affected":"ed7c3ff15680c1939fad468a238a5945dc25c5fd"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.7.15"},{"introduced":"3.8.0"},{"last_affected":"3.8.15"},{"introduced":"3.9.0"},{"last_affected":"3.9.15"},{"introduced":"3.10.0"},{"last_affected":"3.10.8"},{"introduced":"0"},{"last_affected":"3.11.0-NA"},{"introduced":"0"},{"last_affected":"3.11.0-rc1"},{"introduced":"0"},{"last_affected":"3.11.0-rc2"}]}}],"versions":["v0.9.8","v0.9.9","v1.0.1","v1.0.2","v1.1","v1.1.1","v1.2","v1.2b1","v1.2b2","v1.2b3","v1.2b4","v1.3","v1.3b1","v1.4","v1.4b1","v1.4b2","v1.4b3","v1.5","v1.5.1","v1.5.2","v1.5.2a1","v1.5.2a2","v1.5.2b1","v1.5.2b2","v1.5.2c1","v1.5a1","v1.5a2","v1.5a3","v1.5a4","v1.5b1","v1.5b2","v1.6a1","v1.6a2","v2.0","v2.0b1","v2.0b2","v2.0c1","v2.1","v2.1a1","v2.1a2","v2.1b1","v2.1b2","v2.1c1","v2.1c2","v2.2a3","v2.3c1","v2.3c2","v2.4","v2.4a1","v2.4a2","v2.4a3","v2.4b1","v2.4b2","v2.4c1","v3.0a1","v3.0a2","v3.0a3","v3.0a4","v3.0a5","v3.0b1","v3.0b2","v3.0b3","v3.0rc1","v3.0rc2","v3.0rc3","v3.1","v3.10.0a1","v3.10.0a7","v3.10.0b1","v3.10.0b2","v3.10.0b3","v3.10.0b4","v3.10.0rc1","v3.10.0rc2","v3.10.1","v3.10.2","v3.10.3","v3.10.4","v3.10.5","v3.10.6","v3.10.7","v3.10.8","v3.11.0","v3.11.0a3","v3.11.0a4","v3.11.0a5","v3.11.0a6","v3.11.0a7","v3.11.0b1","v3.11.0b2","v3.11.0b3","v3.11.0b4","v3.11.0b5","v3.11.0rc1","v3.11.0rc2","v3.1a1","v3.1a2","v3.1b1","v3.1rc1","v3.1rc2","v3.2a1","v3.2a2","v3.2a3","v3.2a4","v3.2b1","v3.2b2","v3.2rc1","v3.2rc2","v3.2rc3","v3.3.0a2","v3.3.0a3","v3.3.0a4","v3.3.0b1","v3.3.0b2","v3.3.0rc1","v3.3.0rc2","v3.3.0rc3","v3.4.0a1","v3.4.0a2","v3.4.0a3","v3.4.0a4","v3.4.0b1","v3.4.0b2","v3.4.0b3","v3.5.0a1","v3.5.0a2","v3.5.0a3","v3.5.0a4","v3.5.0b1","v3.6.0a3","v3.6.0b1","v3.7.0a2","v3.7.0b1","v3.7.0b2","v3.7.0b3","v3.7.0b4","v3.7.0b5","v3.7.0rc1","v3.7.10","v3.7.11","v3.7.12","v3.7.13","v3.7.14","v3.7.15","v3.7.2rc1","v3.7.3rc1","v3.7.6rc1","v3.7.7rc1","v3.7.8","v3.7.8rc1","v3.7.9","v3.8.0rc1","v3.8.11","v3.8.12","v3.8.13","v3.8.14","v3.8.15","v3.8.3","v3.8.3rc1","v3.8.5","v3.8.8","v3.8.8rc1","v3.9.0a2","v3.9.0b1","v3.9.0b3","v3.9.0b5","v3.9.11","v3.9.12","v3.9.13","v3.9.14","v3.9.15","v3.9.2","v3.9.2rc1","v3.9.5","v3.9.6","v3.9.7","v3.9.8","v3.9.9"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"3.11.0-alpha1"}]},{"events":[{"introduced":"0"},{"last_affected":"3.11.0-alpha2"}]},{"events":[{"introduced":"0"},{"last_affected":"3.11.0-alpha3"}]},{"events":[{"introduced":"0"},{"last_affected":"3.11.0-alpha4"}]},{"events":[{"introduced":"0"},{"last_affected":"3.11.0-alpha5"}]},{"events":[{"introduced":"0"},{"last_affected":"3.11.0-alpha6"}]},{"events":[{"introduced":"0"},{"last_affected":"3.11.0-alpha7"}]},{"events":[{"introduced":"0"},{"last_affected":"3.11.0-beta1"}]},{"events":[{"introduced":"0"},{"last_affected":"3.11.0-beta2"}]},{"events":[{"introduced":"0"},{"last_affected":"3.11.0-beta3"}]},{"events":[{"introduced":"0"},{"last_affected":"3.11.0-beta4"}]},{"events":[{"introduced":"0"},{"last_affected":"3.11.0-beta5"}]},{"events":[{"introduced":"0"},{"last_affected":"35"}]},{"events":[{"introduced":"0"},{"last_affected":"36"}]},{"events":[{"introduced":"0"},{"last_affected":"37"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45061.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}