CVE-2022-40898

Name: CVE-2022-40898

Description: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.

NVD Severity: medium

References

| Type | URI |
|------|-----|
| MISC | https://pypi.org/project/wheel/ |
| MISC | https://github.com/pypa/wheel/blob/main/src/wheel/wheelfile.py#L18 |
| MISC | https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/ |

Match rules

| CPE URI | Source package | Min version | Max version |
|---------|----------------|-------------|-------------|
| cpe:2.3:a:wheel_project:wheel:*:*:*:*:*:python:*:* | py3-wheel | >= None | < 0.38.1 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|----------------|--------|---------|------------|--------|
| py3-wheel | 3.16-main | 0.37.1-r0 | psykose <alice@ayaya.dev> | possibly vulnerable |
| py3-wheel | 3.15-main | 0.36.2-r2 | Antoine Fontaine <antoine.fontaine@epfl.ch> | possibly vulnerable |
| py3-wheel | 3.14-main | 0.36.2-r2 | Antoine Fontaine <antoine.fontaine@epfl.ch> | possibly vulnerable |