{"id":"CVE-2022-45061","details":"An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.","aliases":["BIT-libpython-2022-45061","BIT-python-2022-45061","BIT-python-min-2022-45061","PSF-2022-10"],"modified":"2026-06-03T04:02:30.661901834Z","published":"2022-11-09T00:00:00Z","related":["ALSA-2023:0833","ALSA-2023:0953","ALSA-2023:2763","ALSA-2023:2764","ALSA-2023:2860","SUSE-SU-2022:4004-1","SUSE-SU-2022:4071-1","SUSE-SU-2022:4251-1","SUSE-SU-2022:4258-1","SUSE-SU-2022:4275-1","SUSE-SU-2023:0213-1","SUSE-SU-2023:0549-1","SUSE-SU-2023:0616-1","SUSE-SU-2023:0707-1","SUSE-SU-2023:0724-1","SUSE-SU-2023:0748-1","openSUSE-SU-2024:12495-1","openSUSE-SU-2024:12500-1","openSUSE-SU-2024:12501-1","openSUSE-SU-2024:12502-1","openSUSE-SU-2024:12503-1","openSUSE-SU-2024:12910-1","openSUSE-SU-2024:14109-1","openSUSE-SU-2024:14434-1","openSUSE-SU-2025:15713-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/45xxx/CVE-2022-45061.json","cna_assigner":"mitre"},"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/45xxx/CVE-2022-45061.json"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45061"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202305-02"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20221209-0007/"},{"type":"REPORT","url":"https://github.com/python/cpython/issues/98433"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"b494f5935c92951e75597bfe1c8b1f3112fec270"},{"fixed":"a7a450f84a087421603170c2dad226bb881d4d9a"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-45061.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}