| CVE-2023-36632 |
BDSA-2023-1596 |
Low |
Jun 25, 2023 |
** DISPUTED ** The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth
more...
** DISPUTED ** The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor's perspective is that this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception when limits are exceeded; they were exceeded by the example demonstration code.
less...
|
3.8.18, 3.9.18, 3.10.13, 3.10.12, 3.8.17, 3.9.17, 3.7.17, 3.11.3, 3.10.11, 3.10.10
|
| CVE-2023-27043 |
BDSA-2023-1038 |
Low |
Apr 19, 2023 |
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header
more...
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.
less...
|
3.8.18, 3.9.18, 3.10.13, 3.10.12, 3.8.17, 3.9.17, 3.7.17, 3.10.11, 3.10.10, 3.8.16
|
| CVE-2022-48566 |
|
Low |
Aug 22, 2023 |
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulato
more...
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.
less...
|
3.8.18, 3.8.17, 3.7.17, 3.8.16, 3.7.16, 3.8.15, 3.7.15, 3.8.14, 3.7.14, 3.7.13
|
| CVE-2022-48565 |
|
Low |
Aug 22, 2023 |
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files
more...
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
less...
|
3.8.18, 3.8.17, 3.7.17, 3.8.16, 3.7.16, 3.8.15, 3.7.15, 3.8.14, 3.7.14, 3.7.13
|
| CVE-2022-48564 |
|
Low |
Aug 22, 2023 |
read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Pro
more...
read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.
less...
|
3.8.18, 3.9.18, 3.8.17, 3.9.17, 3.7.17, 3.8.16, 3.7.16, 3.9.16, 3.8.15, 3.9.15
|
| CVE-2022-48560 |
|
Low |
Aug 22, 2023 |
A use-after-free exists in Python through 3.9 via heappushpop in heapq.
A use-after-free exists in Python through 3.9 via heappushpop in heapq.
less...
|
3.8.18, 3.8.17, 3.7.17, 3.8.16, 3.7.16, 3.8.15, 3.7.15, 3.8.14, 3.7.14, 3.7.13
|
| BDSA-2023-1429 |
|
Low |
Jun 08, 2023 |
Heap use-after-free vulnerabilities have been discovered in CPython. If a remote attacker can deceive a victim to run a crafted input Python file they
more...
Heap use-after-free vulnerabilities have been discovered in CPython. If a remote attacker can deceive a victim to run a crafted input Python file they could crash the Python interpreter, and there is a possibility the use-after-free could be leveraged for arbitrary code execution.
less...
|
|
| BDSA-2022-3668 |
|
Low |
Dec 22, 2022 |
GNU Sharutils and Python is vulnerable to path traversal which may lead to an arbitrary file write on the file system. An attacker could exploit this f
more...
GNU Sharutils and Python is vulnerable to path traversal which may lead to an arbitrary file write on the file system. An attacker could exploit this flaw by tricking a victim with root privileges into decoding a malicious file in order to write files outside the intended directory.
**Note:**
* The `uu` module in Python is now deprecated and there are currently plans to remove it in version **3.13**. It is only exploitable if no filename is given.
* The Sharutils developers confirmed the report but have advised that this is intended behaviour according to the POSIX standard.
less...
|
|
| BDSA-2017-4087 |
|
Low |
Jun 17, 2022 |
The cpython uuid library is vulnerable to dynamic link library hijacking via the unsafe usage of ctype functionality. An attacker could put specially c
more...
The cpython uuid library is vulnerable to dynamic link library hijacking via the unsafe usage of ctype functionality. An attacker could put specially crafted files into certain directories that are defined in the applications running environment. The code embedded in these files would be executed when the application is run through the cpython interpreter.
One such case where this flaw has manifested is with the Windows operating system and the pgAdmin4 application.
less...
|
|
| BDSA-2007-0008 |
|
Medium |
Sep 21, 2022 |
Python is vulnerable to directory traversal and a symlink attack. This is due to the implementation of Python's `tarfile` module.This vulnerability al
more...
Python is vulnerable to directory traversal and a symlink attack. This is due to the implementation of Python's `tarfile` module.This vulnerability allows an attacker to craft a malicious tar TAR file that, if extracted by applications using Python's `Lib/tarfile.py` `extract` or `extractall` functions, could lead to system files being overwritten.
Depending on how applications use Python's `Lib/tarfile.py` functionality, this may result in a number consequences including total system compromise. If an application can be forced to extract a malicious TAR file, an arbitrary file overwrite could lead to code execution.
**Note:** The vendor disputes that this is a security vulnerability stating that Python's `tarfile` implementation conforms to POSIX guidelines.
less...
|
|
