CVE-2023-5625

Python-eventlet: patch regression for cve-2021-21419 in some red hat builds

Description

A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products.

References

Link	Tags
https://access.redhat.com/errata/RHSA-2023:6128	patch vendor advisory
https://access.redhat.com/errata/RHSA-2024:0188	vendor advisory
https://access.redhat.com/errata/RHSA-2024:0213	vendor advisory
https://access.redhat.com/security/cve/CVE-2023-5625	vdb entry vendor advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2244717	vendor advisory issue tracking

Frequently Asked Questions

What is the severity of CVE-2023-5625?: CVE-2023-5625 has been scored as a medium severity vulnerability.
How to fix CVE-2023-5625?: To fix CVE-2023-5625, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-5625 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-5625 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-5625?: CVE-2023-5625 affects Red Hat Ironic content for Red Hat OpenShift Container Platform 4.12, Red Hat Red Hat OpenStack Platform 17.1 for RHEL 8, Red Hat Red Hat OpenStack Platform 17.1 for RHEL 9.

Description

Categories

CWE-770 – Allocation of Resources Without Limits or Throttling

CWE-400 – Uncontrolled Resource Consumption

References

Frequently Asked Questions