An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Wheel | Wheel_project | * | 0.38.1 (excluding) |
| Red Hat Enterprise Linux 9 | RedHat | rhc-worker-playbook-0:0.1.10-1.el9_5 | * |
| Red Hat Enterprise Linux 9 | RedHat | python-wheel-1:0.36.2-8.el9 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-python38-python-wheel-0:0.33.6-9.el7 | * |
| Python-pip | Ubuntu | bionic | * |
| Python-pip | Ubuntu | devel | * |
| Python-pip | Ubuntu | esm-apps/bionic | * |
| Python-pip | Ubuntu | esm-apps/focal | * |
| Python-pip | Ubuntu | esm-apps/jammy | * |
| Python-pip | Ubuntu | esm-apps/xenial | * |
| Python-pip | Ubuntu | esm-infra-legacy/trusty | * |
| Python-pip | Ubuntu | focal | * |
| Python-pip | Ubuntu | jammy | * |
| Python-pip | Ubuntu | kinetic | * |
| Python-pip | Ubuntu | trusty | * |
| Python-pip | Ubuntu | trusty/esm | * |
| Python-pip | Ubuntu | upstream | * |
| Python-pip | Ubuntu | xenial | * |
| Wheel | Ubuntu | bionic | * |
| Wheel | Ubuntu | devel | * |
| Wheel | Ubuntu | esm-apps/bionic | * |
| Wheel | Ubuntu | esm-apps/focal | * |
| Wheel | Ubuntu | esm-apps/jammy | * |
| Wheel | Ubuntu | esm-apps/xenial | * |
| Wheel | Ubuntu | esm-infra-legacy/trusty | * |
| Wheel | Ubuntu | focal | * |
| Wheel | Ubuntu | jammy | * |
| Wheel | Ubuntu | kinetic | * |
| Wheel | Ubuntu | trusty | * |
| Wheel | Ubuntu | trusty/esm | * |
| Wheel | Ubuntu | upstream | * |
| Wheel | Ubuntu | xenial | * |
References
- https://github.com/pypa/wheel/blob/main/src/wheel/wheelfile.py#L18
- https://pypi.org/project/wheel/
- https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/
- https://github.com/pypa/wheel/blob/main/src/wheel/wheelfile.py#L18
- https://pypi.org/project/wheel/
- https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/