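Vulnerability details
urllib3 resource management error vulnerability
Vulnerability summary
urllib3 is a Python HTTP library. It provides thread-safe connection pooling, file post support, and other features.
urllib3 contains a resource management error vulnerability. It is caused by adding @ characters to the authority (authentication) part of a URL; an attacker can exploit it to cause resource contention that leads to denial of service. The following products and versions are affected: urllib3 0.3, 0.3.1, 0.4, 0.4.1, 1.0, 1.0.1, 1.0.2, 1.1, 1.2, 1.2.1, 1.3, 1.4, 1.5, 1.6, 1.7, 1.7.1, 1.8, 1.8.1, 1.8.2, 1.8.3, 1.9, 1.9.1, 1.10, 1.10.1, 1.10.2, 1.10.3, 1.10.4, 1.11, 1.12, 1.13, 1.13.1, 1.14, 1.15, 1.15.1, 1.16, 1.17, 1.18, 1.18.1, 1.19, 1.19.1, 1.20, 1.21, 1.21.1, 1.22, 1.23, 1.24, 1.24.1, 1.24.2, 1.24.3, 1.25, 1.25.1, 1.25.2, 1.25.3, 1.25.4, 1.25.5, 1.25.6, 1.25.7, 1.25.8, 1.25.9, 1.25.10, 1.25.11, 1.26.0, 1.26.1, 1.26.2, 1.26.3, 1.26.4.
Vulnerability advisory
The vendor has released a patch that fixes the vulnerability. The patch is available at: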
https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec
References
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/FMUGWEAUYGGHTPPXT6YBD53WYXQGVV73/
Source: CONFIRM
Link: https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
Source: GENTOO
Link: https://security.gentoo.org/glsa/202107-36
Source: MISC
Link: https://www.oracle.com/security-alerts/cpuoct2021.html
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/6SCV7ZNAHS3E6PBFLJGENCDRDRWRZZ6W/
Source: CONFIRM
Link: https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.3919
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021061305
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021071501
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-redis-minio-golang-and-urllib3-affect-ibm-spectrum-protect-plus-container-backup-and-restore-for-kubernetes-and-openshift/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2904
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/164991/Red-Hat-Security-Advisory-2021-4702-01.html
Source: www.ibm.com
Link: https://www.ibm.com/support/pages/node/6520474
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2254
Source: nvd.nist.gov
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-33503
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021090923
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.3820
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.3037
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/164097/Red-Hat-Security-Advisory-2021-3473-01.html
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/164859/Red-Hat-Security-Advisory-2021-4160-03.html
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/163514/Gentoo-Linux-Security-Advisory-202107-36.html
Source: vigilance.fr
Link: https://vigilance.fr/vulnerability/Python-urllib-overload-via-URL-Authority-Parser-35730
Source: www.ibm.com
Link: https://www.ibm.com/support/pages/node/6484925
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2192
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/163941/Red-Hat-Security-Advisory-2021-3254-01.html
Affected entities
None listed
Patches
- Fix for the urllib3 resource management error vulnerability<!--2021-6-13-->