{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-36087","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","assignerShortName":"GitHub_M","dateUpdated":"2025-04-22T17:22:22.677Z","dateReserved":"2022-07-15T00:00:00.000Z","datePublished":"2022-09-09T00:00:00.000Z"},"containers":{"cna":{"title":"OAuthLib vulnerable DoS when attacker provides malicious IPV6 URI","providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2023-09-28T03:06:20.018Z"},"descriptions":[{"lang":"en","value":"OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 up to, but not including, 3.2.1, an attacker who supplies a malicious redirect URI can cause a denial of service. An attacker can also exploit other uses of the `uri_validate` functions, depending on where they are called. OAuthLib applications that use the OAuth 2.0 provider support, or that call `uri_validate` directly, are affected by this issue. Version 3.2.1 contains a patch. 
There are no known workarounds."}],"affected":[{"vendor":"oauthlib","product":"oauthlib","versions":[{"version":">= 3.1.1, < 3.2.1","status":"affected"}]}],"references":[{"url":"https://github.com/oauthlib/oauthlib/security/advisories/GHSA-3pgj-pg6c-r5p7"},{"url":"https://github.com/oauthlib/oauthlib/commit/2e40b412c844ecc4673c3fa3f72181f228bdbacd"},{"url":"https://github.com/oauthlib/oauthlib/blob/2b8a44855a51ad5a5b0c348a08c2564a2e197ea2/oauthlib/uri_validate.py"},{"url":"https://github.com/oauthlib/oauthlib/blob/d4bafd9f1d0eba3766e933b1ac598cbbf37b8914/oauthlib/oauth2/rfc6749/grant_types/base.py#L232"},{"url":"https://github.com/oauthlib/oauthlib/releases/tag/v3.2.1"},{"name":"FEDORA-2022-5a74a5eea7","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRYLYHE5HWF6R2CRLJFUK4PILR47WXOE/"},{"name":"FEDORA-2023-da094276a2","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X2CQZM5CKOUM4GW2GTAPQEQFPITQ6F7S/"},{"name":"FEDORA-2023-49ded4c9a5","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBCQJR3ZF7FVNTJYRVPVSQEQRAYZIUHU/"},{"name":"FEDORA-2023-5ab7049a59","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LXOPIA6M57CFQPUT6HHSNXCTV6QA3UDI/"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.7,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-20: Improper Input 
Validation","cweId":"CWE-20"}]}],"source":{"advisory":"GHSA-3pgj-pg6c-r5p7","discovery":"UNKNOWN"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T09:52:00.509Z"},"title":"CVE Program Container","references":[{"url":"https://github.com/oauthlib/oauthlib/security/advisories/GHSA-3pgj-pg6c-r5p7","tags":["x_transferred"]},{"url":"https://github.com/oauthlib/oauthlib/commit/2e40b412c844ecc4673c3fa3f72181f228bdbacd","tags":["x_transferred"]},{"url":"https://github.com/oauthlib/oauthlib/blob/2b8a44855a51ad5a5b0c348a08c2564a2e197ea2/oauthlib/uri_validate.py","tags":["x_transferred"]},{"url":"https://github.com/oauthlib/oauthlib/blob/d4bafd9f1d0eba3766e933b1ac598cbbf37b8914/oauthlib/oauth2/rfc6749/grant_types/base.py#L232","tags":["x_transferred"]},{"url":"https://github.com/oauthlib/oauthlib/releases/tag/v3.2.1","tags":["x_transferred"]},{"name":"FEDORA-2022-5a74a5eea7","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRYLYHE5HWF6R2CRLJFUK4PILR47WXOE/"},{"name":"FEDORA-2023-da094276a2","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X2CQZM5CKOUM4GW2GTAPQEQFPITQ6F7S/"},{"name":"FEDORA-2023-49ded4c9a5","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBCQJR3ZF7FVNTJYRVPVSQEQRAYZIUHU/"},{"name":"FEDORA-2023-5ab7049a59","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LXOPIA6M57CFQPUT6HHSNXCTV6QA3UDI/"}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-04-22T15:44:27.698522Z","id":"CVE-2022-36087","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA 
Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-22T17:22:22.677Z"}}]}}