CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-50782 – Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659
https://notcve.org/view.php?id=CVE-2023-50782
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. Se encontró una falla en el paquete python-cryptography. Este problema puede permitir que un atacante remoto descifre mensajes capturados en servidores TLS que utilizan intercambios de claves RSA, lo que puede provocar la exposición de datos confidenciales o sensibles. • https://access.redhat.com/security/cve/CVE-2023-50782 https://bugzilla.redhat.com/show_bug.cgi?id=2254432 https://www.couchbase.com/alerts • CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-6507 – Groups not dropped before running subprocess when using empty 'extra_groups' parameter
https://notcve.org/view.php?id=CVE-2023-6507
An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list. This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`). Se encontró un problema en el módulo `subproceso` de CPython 3.12.0 en plataformas POSIX. El problema se solucionó en CPython 3.12.1 y no afecta a otras versiones estables. • https://github.com/python/cpython/commit/10e9bb13b8dcaa414645b9bd10718d8f7179e82b https://github.com/python/cpython/commit/85bbfa8a4bbdbb61a3a84fbd7cb29a4096ab8a06 https://github.com/python/cpython/commit/9fe7655c6ce0b8e9adc229daf681b6d30e6b1610 https://github.com/python/cpython/issues/112334 https://mail.python.org/archives/list/security-announce@python.org/thread/AUL7QFHBLILGISS7U63B47AYSSGJJQZD • CWE-269: Improper Privilege Management •
CVSS: 8.6EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40217 – python: TLS handshake bypass
https://notcve.org/view.php?id=CVE-2023-40217
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. • https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html https://mail.python.org/archives/list/security-announce%40python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY https://security.netapp.com/advisory/ntap-20231006-0014 https://www.python.org/dev/security https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 • CWE-305: Authentication Bypass by Primary Weakness •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-41105 – python: file path truncation at \0 characters
https://notcve.org/view.php?id=CVE-2023-41105
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x. Python 3.11 os.path.normpath() function is vulnerable to path truncation if a null byte is inserted in the middle of passed path. This may result in bypass of allow lists if implemented before the verification of the path. • https://github.com/JawadPy/CVE-2023-41105-Exploit https://github.com/python/cpython/issues/106242 https://github.com/python/cpython/pull/107981 https://github.com/python/cpython/pull/107982 https://github.com/python/cpython/pull/107983 https://mail.python.org/archives/list/security-announce%40python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD https://security.netapp.com/advisory/ntap-20231006-0015 https://access.redhat.com/security/cve/CVE-2023-41105 https://bugzilla.redhat.com/show_bug.cgi&# • CWE-158: Improper Neutralization of Null Byte or NUL Character CWE-426: Untrusted Search Path •
CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 1CVE-2022-48566
https://notcve.org/view.php?id=CVE-2022-48566
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. • https://bugs.python.org/issue40791 https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html https://security.netapp.com/advisory/ntap-20231006-0013 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •