This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Python First view 2007-08-27
Product Python Last view 2023-08-25
Version 3.4.4 Type Application
Update -  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:python:python

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.3 2023-08-25 CVE-2023-40217

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)

7.5 2023-08-23 CVE-2023-41105

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.

5.9 2023-08-22 CVE-2022-48566

An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.

9.8 2023-08-22 CVE-2022-48565

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.

6.5 2023-08-22 CVE-2022-48564

read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.

7.5 2023-08-22 CVE-2022-48560

A use-after-free exists in Python through 3.9 via heappushpop in heapq.

7.5 2023-06-25 CVE-2023-36632

The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor's perspective is that this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception when limits are exceeded; they were exceeded by the example demonstration code.

5.3 2023-04-19 CVE-2023-27043

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.

7.5 2023-02-17 CVE-2023-24329

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

7.5 2022-11-09 CVE-2022-45061

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.

7.8 2022-11-07 CVE-2022-42919

Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.

9.8 2022-10-21 CVE-2022-37454

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.

7.5 2022-09-09 CVE-2020-10735

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.

5.3 2022-08-24 CVE-2021-4189

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.

7.4 2022-08-23 CVE-2021-28861

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."

7.6 2022-04-13 CVE-2015-20107

In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9

7.5 2022-03-25 CVE-2018-25032

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

7 2022-03-10 CVE-2022-26488

In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2.

6.5 2022-03-10 CVE-2021-3733

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.

7.5 2022-03-04 CVE-2021-3737

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

7.5 2022-02-09 CVE-2022-0391

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.

5.7 2021-05-20 CVE-2021-3426

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.

9.8 2021-05-06 CVE-2021-29921

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.

5.9 2021-02-15 CVE-2021-23336

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.

9.8 2021-01-19 CVE-2021-3177

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
10% (6) CWE-190 Integer Overflow or Wraparound
8% (5) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
6% (4) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
5% (3) CWE-611 Information Leak Through XML External Entity File Disclosure
5% (3) CWE-426 Untrusted Search Path
5% (3) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
5% (3) CWE-20 Improper Input Validation
3% (2) CWE-787 Out-of-bounds Write
3% (2) CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
3% (2) CWE-427 Uncontrolled Search Path Element
3% (2) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
3% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
3% (2) CWE-93 Failure to Sanitize CRLF Sequences ('CRLF Injection')
1% (1) CWE-776 Unrestricted Recursive Entity References in DTDs ('XML Bomb')
1% (1) CWE-704 Incorrect Type Conversion or Cast
1% (1) CWE-693 Protection Mechanism Failure
1% (1) CWE-682 Incorrect Calculation
1% (1) CWE-674 Uncontrolled Recursion
1% (1) CWE-552 Files or Directories Accessible to External Parties
1% (1) CWE-476 NULL Pointer Dereference
1% (1) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
1% (1) CWE-416 Use After Free
1% (1) CWE-407 Algorithmic Complexity
1% (1) CWE-369 Divide By Zero
1% (1) CWE-362 Race Condition

Open Source Vulnerability Database (OSVDB)

id Description
40141 Python tarfile Module TAR Archive Handling Traversal Arbitrary File Overwrite

Snort® IPS/IDS

Date Description
2019-12-17 libexpat internal entity heap over-read attempt
RuleID : 52254 - Type : FILE-OTHER - Revision : 1
2019-12-17 libexpat internal entity heap over-read attempt
RuleID : 52253 - Type : FILE-OTHER - Revision : 1
2020-12-05 TRUFFLEHUNTER TALOS-2019-0758 attack attempt
RuleID : 48855 - Type : PROTOCOL-OTHER - Revision : 1
2020-12-05 TRUFFLEHUNTER TALOS-2019-0758 attack attempt
RuleID : 48854 - Type : PROTOCOL-OTHER - Revision : 1
2018-04-27 Python lib wave.py wav zero channel denial of service attempt
RuleID : 46073 - Type : FILE-OTHER - Revision : 2
2018-04-27 Python lib wave.py wav zero channel denial of service attempt
RuleID : 46072 - Type : FILE-OTHER - Revision : 2
2016-10-18 SSH weak blowfish cipher suite use attempt
RuleID : 40190 - Type : POLICY-OTHER - Revision : 2
2016-10-18 SSH weak 3DES cipher suite use attempt
RuleID : 40189 - Type : POLICY-OTHER - Revision : 2
2016-10-18 SSL weak 3DES cipher suite use attempt
RuleID : 40188 - Type : POLICY-OTHER - Revision : 2
2016-10-18 SSL weak 3DES cipher suite use attempt
RuleID : 40187 - Type : POLICY-OTHER - Revision : 2
2016-10-18 SSL weak 3DES cipher suite use attempt
RuleID : 40186 - Type : POLICY-OTHER - Revision : 2

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-2bf852f063.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4544e8dbc8.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-49d6e4bc3f.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-5ed8fb9efa.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-71fd5db181.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-7689556ab2.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-7eae87ec86.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-937e8a39c4.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-9860917db0.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-99ff4c8f80.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-ac14dbf3fd.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-bbbd8cc3a6.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-c3a2174314.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-d3b53d81e6.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-ee97fc9e81.nasl - Type: ACT_GATHER_INFO
2018-12-21 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1132.nasl - Type: ACT_GATHER_INFO
2018-12-20 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1132.nasl - Type: ACT_GATHER_INFO
2018-12-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1108.nasl - Type: ACT_GATHER_INFO
2018-11-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3041.nasl - Type: ACT_GATHER_INFO
2018-11-13 Name: The remote Fedora host is missing a security update.
File: fedora_2018-28ea2290ad.nasl - Type: ACT_GATHER_INFO
2018-11-08 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1101.nasl - Type: ACT_GATHER_INFO
2018-10-26 Name: The remote Fedora host is missing a security update.
File: fedora_2018-14526cbebe.nasl - Type: ACT_GATHER_INFO
2018-10-26 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a2c1453607.nasl - Type: ACT_GATHER_INFO
2018-10-22 Name: The remote Fedora host is missing a security update.
File: fedora_2018-b6de5fc905.nasl - Type: ACT_GATHER_INFO
2018-10-01 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4307.nasl - Type: ACT_GATHER_INFO