CVE & CISA-KEV Catalog

CVE-2022-36087

MEDIUM
5.7
CVSS v3
NVD

Description

OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.

How to fix

Remediation Available
python-oauthlibDebian
Fixed in:3.2.1-1CVE-2022-36087
Fixed in:3.2.1-1CVE-2022-36087
Fixed in:3.2.1-1CVE-2022-36087
fence-agentsRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agentsRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-aliyunRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-aliyunRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-allRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-allRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-amt-wsRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-amt-wsRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-apcRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-apcRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-apc-snmpRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-apc-snmpRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-awsRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-awsRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-azure-armRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-azure-armRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-bladecenterRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-bladecenterRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-brocadeRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-brocadeRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-cisco-mdsRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-cisco-mdsRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-cisco-ucsRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-cisco-ucsRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-commonRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-commonRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-computeRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-computeRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-debuginfoRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-debuginfoRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-debugsourceRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-debugsourceRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-drac5Red Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-drac5Rocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-eaton-snmpRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-eaton-snmpRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-emersonRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-emersonRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-epsRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-epsRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-gceRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-gceRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-heuristics-pingRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-heuristics-pingRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-hpbladeRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-hpbladeRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-ibm-powervsRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-ibm-powervsRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-ibm-vpcRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-ibm-vpcRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-ibmbladeRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-ibmbladeRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-ifmibRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-ifmibRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-ilo-moonshotRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-ilo-moonshotRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-ilo-mpRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-ilo-mpRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-ilo-sshRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-ilo-sshRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-ilo2Rocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-ilo2Red Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-intelmodularRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-intelmodularRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-ipduRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-ipduRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-ipmilanRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-ipmilanRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-kdumpRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-kdumpRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-kdump-debuginfoRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-kdump-debuginfoRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-kubevirtRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-kubevirtRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-kubevirt-debuginfoRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-kubevirt-debuginfoRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-lparRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-lparRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-mpathRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-mpathRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-openstackRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-openstackRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-redfishRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-redfishRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-rhevmRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-rhevmRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-rsaRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-rsaRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-rsbRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-rsbRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-sbdRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-sbdRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-scsiRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-scsiRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-virshRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-virshRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-vmware-restRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-vmware-restRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-vmware-soapRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-vmware-soapRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-wtiRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-wtiRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-zvmRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-agents-zvmRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-virtRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-virtRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-virt-debuginfoRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-virt-debuginfoRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-virtdRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-virtdRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-virtd-cpgRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-virtd-cpgRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-virtd-cpg-debuginfoRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-virtd-cpg-debuginfoRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-virtd-debuginfoRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-virtd-debuginfoRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-virtd-libvirtRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-virtd-libvirtRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-virtd-libvirt-debuginfoRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-virtd-libvirt-debuginfoRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-virtd-multicastRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-virtd-multicastRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-virtd-multicast-debuginfoRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-virtd-multicast-debuginfoRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-virtd-serialRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-virtd-serialRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-virtd-serial-debuginfoRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-virtd-serial-debuginfoRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-virtd-tcpRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-virtd-tcpRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-virtd-tcp-debuginfoRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
fence-virtd-tcp-debuginfoRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
ha-cloud-supportRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
ha-cloud-supportRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
ha-cloud-support-debuginfoRocky
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
ha-cloud-support-debuginfoRed Hat / RHEL
Fixed in:0:4.10.0-43.el9RHSA-2023:2161
python-oauthlibUbuntu
Fixed in:3.2.0-1ubuntu0.1USN-5632-1
python3-oauthlibUbuntu
Fixed in:3.2.0-1ubuntu0.1USN-5632-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionRequired
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Exploit Intelligence

1.26%probability of exploitation in 30 days
66thpercentile

Moderate risk: more likely to be exploited than 66% of all known CVEs.

References

Related Vulnerabilities

Other CWE-20 (Improper Input Validation) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2024-3400Critical10.0100%KEV + Ransom-
CVE-2021-45105Medium5.9100%-Fix
CVE-2021-44228Critical10.0100%KEV + RansomFix
CVE-2021-21985Critical9.8100%KEV + RansomFix
CVE-2018-7600Critical9.8100%KEV + RansomFix
CVE-2020-3452High7.5100%KEVFix
Embed a live status badge for CVE-2022-36087
CVE-2022-36087 severity badge

Markdown

[![CVE-2022-36087](https://tridentstack.com/cve/badge/CVE-2022-36087.svg)](https://tridentstack.com/cve/CVE-2022-36087)

HTML

<a href="https://tridentstack.com/cve/CVE-2022-36087"><img src="https://tridentstack.com/cve/badge/CVE-2022-36087.svg" alt="CVE-2022-36087"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.