| Summary: | <dev-python/pydantic-1.8.2: Use of "infinity" as an input to datetime and date fields causes infinite loop (CVE-2021-29510) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Michał Górny <mgorny> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | trivial | CC: | python |
| Priority: | Normal | Flags: | nattka:
sanity-check-
|
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://github.com/samuelcolvin/pydantic/security/advisories/GHSA-5jqp-qgf6-3pvh | ||
| Whiteboard: | ~3 [noglsa] | ||
| Package list: |
dev-python/pydantic-1.8.2
|
Runtime testing required: | --- |
Unable to check for sanity:
> no match for package: dev-python/pydantic-1.8.2
All done, thanks |
Impact Passing either 'infinity', 'inf' or float('inf') (or their negatives) to datetime or date fields causes validation to run forever with 100% CPU usage (on one CPU). Patches Pydantic is be patched with fixes available in the following versions: v1.8.2 v1.7.4 v1.6.2 All these versions are available on pypi, and will be available on conda-forge soon. See the changelog for details.