CVE-2022-40898

Published: 23 December 2022

An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker-controlled input to the wheel CLI.

Notes

Author: mdeslaur
Note: the python-pip package bundles wheel binaries when built. After updating wheel, a no-change rebuild of python-pip is required.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package      Release    Status
python-pip   bionic     Released (9.0.1-2.3~ubuntu1.18.04.6)
python-pip   focal      Released (20.0.2-5ubuntu1.7)
python-pip   jammy      Released (22.0.2+dfsg-1ubuntu0.1)
python-pip   kinetic    Released (22.2+dfsg-1ubuntu0.1)
python-pip   trusty     Released (1.5.4-1ubuntu4+esm2)
python-pip   upstream   Needed
python-pip   xenial     Released (8.1.1-2ubuntu0.6+esm3)
wheel        bionic     Released (0.30.0-0.2ubuntu0.1)
wheel        focal      Released (0.34.2-1ubuntu0.1)
wheel        jammy      Released (0.37.1-2ubuntu0.22.04.1)
wheel        kinetic    Released (0.37.1-2ubuntu0.22.10.1)
wheel        trusty     Released (0.24.0-1~ubuntu1.1+esm1)
wheel        upstream   Released (0.38.1)
wheel        xenial     Released (0.29.0-1ubuntu0.1~esm1)