Bug 2328045 (CVE-2024-52804)
| Summary: | CVE-2024-52804 python-tornado: Tornado has HTTP cookie parsing DoS vulnerability | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | A flaw was found in Tornado's HTTP cookie parsing algorithm. Because the algorithm has quadratic complexity on certain inputs, a maliciously crafted Cookie header causes excessive CPU consumption while it is parsed, which can block the processing of other requests and lead to loss of availability of the system. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 2328098, 2328099, 2328100, 2328101, 2367421 | | |
| Bug Blocks: | | | |
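The quadratic-complexity parsing flaw the Doc Text describes is a bug class worth being able to recognise and measure. The Python below is an added illustration written for this page; it is not Tornado's code and not taken from the upstream fix. It contrasts a toy cookie-value unquoter shaped like the classic search loop (every step re-searches the remainder of the value for two escape patterns, which is quadratic on a value built from repeated non-octal backslash escapes) with a single-pass regex substitution that yields the same result, and adds a scaling check that reports how parse time grows when the input doubles. The page does not say where in Tornado's parser the quadratic step lies, so treat the toy loop as representative of the class, not as the affected code. All function and pattern names, and the crafted input, are the example's own.

```python
"""Added illustration of the bug class behind CVE-2024-52804: quadratic vs linear
cookie-value unquoting plus a scaling check. Constructed example, not Tornado's code."""
import re
import time
from typing import Callable

# Escape patterns used by the toy loop: an octal escape (\101) and any other
# backslash escape (\"). Pattern names are the example's own.
_OCTAL = re.compile(r"\\[0-3][0-7][0-7]")
_QUOTE = re.compile(r"[\\].")


def unquote_quadratic(value: str) -> str:
    """Toy unquoter in the shape of the classic two-pattern search loop.

    Each step searches both patterns from position i to the END of the string.
    A value made only of non-octal escapes (\a\a\a...) makes the octal search
    scan the whole remainder on every step, so total work is O(n^2).
    """
    if len(value) < 2 or value[0] != '"' or value[-1] != '"':
        return value
    s = value[1:-1]
    i, n, out = 0, len(s), []
    while 0 <= i < n:
        o_match = _OCTAL.search(s, i)  # re-scans the remainder every iteration
        q_match = _QUOTE.search(s, i)
        if not o_match and not q_match:
            out.append(s[i:])
            break
        j = o_match.start(0) if o_match else -1
        k = q_match.start(0) if q_match else -1
        if q_match and (not o_match or k < j):
            out.append(s[i:k])
            out.append(s[k + 1])  # \x -> x
            i = k + 2
        else:
            out.append(s[i:j])
            out.append(chr(int(s[j + 1 : j + 4], 8)))  # \101 -> 'A'
            i = j + 4
    return "".join(out)


# One combined pattern: a single left-to-right pass, each escape handled where found.
_UNQUOTE_SUB = re.compile(r"\\(?:([0-3][0-7][0-7])|(.))")


def _unquote_repl(m: "re.Match[str]") -> str:
    return chr(int(m.group(1), 8)) if m.group(1) else m.group(2)


def unquote_linear(value: str) -> str:
    """Same result as unquote_quadratic, in O(n)."""
    if len(value) < 2 or value[0] != '"' or value[-1] != '"':
        return value
    return _UNQUOTE_SUB.sub(_unquote_repl, value[1:-1])


def crafted_value(n: int) -> str:
    """Constructed worst case for the toy loop: n non-octal escapes, no octal escapes."""
    return '"' + "\\a" * n + '"'


def scaling_ratio(parse: Callable[[str], object], n: int, runs: int = 3) -> float:
    """Best-of-`runs` time at size 2n divided by best time at size n.

    About 2 means linear growth, about 4 means quadratic. A ratio, not an
    absolute time, so the check means the same thing on any machine.
    """
    def best(size: int) -> float:
        t = float("inf")
        for _ in range(runs):
            start = time.perf_counter()
            parse(crafted_value(size))
            t = min(t, time.perf_counter() - start)
        return t

    return best(2 * n) / best(n)


if __name__ == "__main__":
    for v in ('"a\\"b"', '"\\101"', "plain", crafted_value(5)):
        assert unquote_quadratic(v) == unquote_linear(v)
    print("quadratic loop, doubling ratio:", round(scaling_ratio(unquote_quadratic, 4000), 2))
    print("linear sub,     doubling ratio:", round(scaling_ratio(unquote_linear, 50_000), 2))
```

`scaling_ratio` takes any `str -> object` callable, so a deployed parser can be checked the same way by wrapping it to receive the crafted value in whatever form it expects; a doubling ratio near 2 is linear, near 4 is quadratic. Because the cost grows with the length of the header, any cap on request header size at the server or a fronting proxy bounds the worst case, which is why a header-size limit is the usual interim mitigation until the patched package is installed.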
Description
OSIDB Bzimport
2024-11-22 16:01:07 UTC
This issue has been addressed in the following products:

- Red Hat Enterprise Linux 9: RHSA-2024:10590 https://access.redhat.com/errata/RHSA-2024:10590
- Red Hat Enterprise Linux 9.2 Extended Update Support: RHSA-2024:10836 https://access.redhat.com/errata/RHSA-2024:10836
- Red Hat Enterprise Linux 9.4 Extended Update Support: RHSA-2024:10843 https://access.redhat.com/errata/RHSA-2024:10843
- Red Hat Enterprise Linux 9: RHSA-2025:2471 https://access.redhat.com/errata/RHSA-2025:2471
- Red Hat Enterprise Linux 9.4 Extended Update Support: RHSA-2025:2470 https://access.redhat.com/errata/RHSA-2025:2470
- Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions: RHSA-2025:2550 https://access.redhat.com/errata/RHSA-2025:2550
- Red Hat Enterprise Linux 8: RHSA-2025:2872 https://access.redhat.com/errata/RHSA-2025:2872
- Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions: RHSA-2025:2955 https://access.redhat.com/errata/RHSA-2025:2955
- Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Telecommunications Update Service: RHSA-2025:2956 https://access.redhat.com/errata/RHSA-2025:2956
- Red Hat Enterprise Linux 8.8 Extended Update Support: RHSA-2025:3109 https://access.redhat.com/errata/RHSA-2025:3109
- Red Hat Enterprise Linux 9.2 Extended Update Support: RHSA-2025:3108 https://access.redhat.com/errata/RHSA-2025:3108