Python 3.11.0 Release Candidate 2
Approved changes feed: RSS · Atom
cpe:2.3:a:python:python:3.11.0:rc2:*:*:*:*:*:*
part: a version: 3.11.0 update: rc2
| Vendor | Python (b57ad93a-6195-5192-9423-6cfad6044a8b) |
|---|---|
| Product | Python (fc328eef-0a85-5ddb-b629-b8866ec518c8) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:deb/debian/python |
purl2cpe | 2026-06-01 10:16:29.242941 |
pkg:github/python/cpython |
purl2cpe | 2026-06-01 10:16:29.242942 |
pkg:python/python |
purl2cpe | 2026-06-01 10:16:29.242944 |
pkg:rpm/opensuse/python |
purl2cpe | 2026-06-01 10:16:29.242945 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-45061 |
vulnerable | 2026-06-03 14:48:23.643964 |
Details available
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.
Published: 2022-11-09T00:00:00.000Z
Updated: 2025-11-03T21:46:44.155Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.