CVE-2023-5625

python-eventlet: patch regression for CVE-2021-21419 in some Red Hat builds

  • Severity Score: 7.5 (CVSS v3.1)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: Attend (SSVC)

Descriptions

A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: Low
* Common Vulnerability Scoring System
SSVC
  • Decision: Attend
  • Exploitation: None
  • Automatable: Yes
  • Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2023-10-17 CVE Reserved
  • 2023-11-01 CVE Published
  • 2024-09-16 CVE Updated
  • 2024-11-07 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-400: Uncontrolled Resource Consumption
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | In: Vendor | In: Product | In: Version | In: Other | In: Status |
|---|---|---|---|---|---|---|---|---|---|
| Redhat | Openshift Container Platform For Arm64 | 4.12 | - | Affected | Redhat | Enterprise Linux | 8.0 | - | Safe |
| Redhat | Openshift Container Platform For Arm64 | 4.12 | - | Affected | Redhat | Enterprise Linux | 9.0 | - | Safe |
| Redhat | Openshift Container Platform For Linuxone | 4.12 | - | Affected | Redhat | Enterprise Linux | 8.0 | - | Safe |
| Redhat | Openshift Container Platform For Linuxone | 4.12 | - | Affected | Redhat | Enterprise Linux | 9.0 | - | Safe |
| Redhat | Openshift Container Platform For Power | 4.12 | - | Affected | Redhat | Enterprise Linux | 8.0 | - | Safe |
| Redhat | Openshift Container Platform For Power | 4.12 | - | Affected | Redhat | Enterprise Linux | 9.0 | - | Safe |
| Redhat | Openshift Container Platform Ibm Z Systems | 4.12 | - | Affected | Redhat | Enterprise Linux | 8.0 | - | Safe |
| Redhat | Openshift Container Platform Ibm Z Systems | 4.12 | - | Affected | Redhat | Enterprise Linux | 9.0 | - | Safe |
| Redhat | Openstack Platform | 17.1 | - | Affected | | | | | |