eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:HDnspython
APPDnspython< 2.6.0Eventlet
APPEventlet< 0.35.2Fedora Project Fedora
OSFedoraproject383940Netapp Bootstrap Os
OSNetappwszystkie wersjeNetapp Hci Compute Node
HWNetappwszystkie wersje
Related vulnerabilities
Apache Tomcat: Path Equivalence prowadzący do RCE i ujawnienia danych
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit
Type Confusion w V8 (Google Chrome) — RCE przez spreparowaną stronę HTML
Type Confusion w silniku V8 Chrome — zdalne wykonanie kodu (RCE)
Use-after-free w Google Chrome Visuals umożliwiający ucieczkę z sandbox