[issue14001] CVE-2012-0845 Python v2.7.2 / v3.2.2 (SimpleXMLRPCServer): DoS (excessive CPU usage) by processing malformed XMLRPC / HTTP POST request

2021-11-04 Thread Erlend E. Aasland
Change by Erlend E. Aasland : -- components: +Library (Lib), XML -email nosy: +Arfrever, dmalcolm, ezio.melotti, flox, iankko, loewis, neologix, orsenthil, pitrou, python-dev, rosslagerwall, schmir -ahmedsayeed1982, barry, r.david.murray ___

[issue14001] CVE-2012-0845 Python v2.7.2 / v3.2.2 (SimpleXMLRPCServer): DoS (excessive CPU usage) by processing malformed XMLRPC / HTTP POST request

2021-11-04 Thread Erlend E. Aasland
Change by Erlend E. Aasland : -- Removed message: https://bugs.python.org/msg405710 ___ Python tracker ___ ___ Python-bugs-list

[issue14001] CVE-2012-0845 Python v2.7.2 / v3.2.2 (SimpleXMLRPCServer): DoS (excessive CPU usage) by processing malformed XMLRPC / HTTP POST request

2021-11-04 Thread Ahmed Sayeed
Ahmed Sayeed added the comment: The glibc regular expression code mishandles regular expressions such as: .*((.)\2){2}$ https://www.webb-dev.co.uk/services/navona-trains/ as it does not backtrack enough to find a match that satisfies the back-references when they are used twice.

[issue14001] CVE-2012-0845 Python v2.7.2 / v3.2.2 (SimpleXMLRPCServer): DoS (excessive CPU usage) by processing malformed XMLRPC / HTTP POST request

2012-02-19 Thread Charles-François Natali
Charles-François Natali neolo...@free.fr added the comment: Committed, thanks! -- resolution: - fixed stage: patch review - committed/rejected status: open - closed ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue14001

[issue14001] CVE-2012-0845 Python v2.7.2 / v3.2.2 (SimpleXMLRPCServer): DoS (excessive CPU usage) by processing malformed XMLRPC / HTTP POST request

2012-02-18 Thread Roundup Robot
Roundup Robot devn...@psf.upfronthosting.co.za added the comment: New changeset 24244a744d01 by Charles-François Natali in branch '2.6': Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in SimpleXMLRPCServer http://hg.python.org/cpython/rev/24244a744d01 New changeset 0c02f30b2538 by

[issue14001] CVE-2012-0845 Python v2.7.2 / v3.2.2 (SimpleXMLRPCServer): DoS (excessive CPU usage) by processing malformed XMLRPC / HTTP POST request

2012-02-15 Thread Martin v . Löwis
Martin v. Löwis mar...@v.loewis.de added the comment: As a security issue, it applies to 2.6 and 3.1 as well. -- versions: +Python 2.6, Python 3.1 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue14001

[issue14001] CVE-2012-0845 Python v2.7.2 / v3.2.2 (SimpleXMLRPCServer): DoS (excessive CPU usage) by processing malformed XMLRPC / HTTP POST request

2012-02-15 Thread Charles-François Natali
Charles-François Natali neolo...@free.fr added the comment: The test fails on 2.6 and 2.7, because of a EPIPE, which is normal in this case (well, at least expected): test_partial_post (test.test_xmlrpc.SimpleServerTestCase) ... Exception happened during

[issue14001] CVE-2012-0845 Python v2.7.2 / v3.2.2 (SimpleXMLRPCServer): DoS (excessive CPU usage) by processing malformed XMLRPC / HTTP POST request

2012-02-14 Thread Jan Lieskovsky
Jan Lieskovsky ian...@seznam.cz added the comment: The CVE identifier of CVE-2012-0845 has been assigned to this issue: [3] http://www.openwall.com/lists/oss-security/2012/02/13/4 -- title: Python v2.7.2 / v3.2.2 (SimpleXMLRPCServer): DoS (excessive CPU usage) by processing malformed

[issue14001] CVE-2012-0845 Python v2.7.2 / v3.2.2 (SimpleXMLRPCServer): DoS (excessive CPU usage) by processing malformed XMLRPC / HTTP POST request

2012-02-14 Thread Senthil Kumaran
Changes by Senthil Kumaran sent...@uthcode.com: -- nosy: +orsenthil ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue14001 ___ ___ Python-bugs-list

[issue14001] CVE-2012-0845 Python v2.7.2 / v3.2.2 (SimpleXMLRPCServer): DoS (excessive CPU usage) by processing malformed XMLRPC / HTTP POST request

2012-02-14 Thread Antoine Pitrou
Changes by Antoine Pitrou pit...@free.fr: -- stage: needs patch - patch review ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue14001 ___ ___

[issue14001] CVE-2012-0845 Python v2.7.2 / v3.2.2 (SimpleXMLRPCServer): DoS (excessive CPU usage) by processing malformed XMLRPC / HTTP POST request

2012-02-14 Thread Charles-François Natali
Charles-François Natali neolo...@free.fr added the comment: With test. test_xmlrpc has a timeout detection code which is simply broken (and it's actually documented): I just removed it, so if the server loops, the test will block. I think it's acceptable since other tests behave in the same

[issue14001] CVE-2012-0845 Python v2.7.2 / v3.2.2 (SimpleXMLRPCServer): DoS (excessive CPU usage) by processing malformed XMLRPC / HTTP POST request

2012-02-14 Thread Antoine Pitrou
Antoine Pitrou pit...@free.fr added the comment: The patch looks ok to me. -- nosy: +pitrou ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue14001 ___