CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 1CVE-2018-1000117
https://notcve.org/view.php?id=CVE-2018-1000117
Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5. Python Software Foundation CPython, desde la versión 3.2 hasta la 3.6.4 en Windows, contiene una vulnerabilidad de desbordamiento de búfer en la función os.symlink() de Windows que puede resultar en la ejecución de código arbitrario y en un escalado de privilegios. El ataque parece ser explotable mediante un script de python que crea un symlink con un nombre o ubicación controlado por un atacante. • https://github.com/u0pattern/CVE-2018-1000117-Exploit https://bugs.python.org/issue33001 https://github.com/python/cpython/pull/5989 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18207
https://notcve.org/view.php?id=CVE-2017-18207
The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications "need to be prepared to handle a wide variety of exceptions. ** EN DISPUTA ** La función Wave_read._read_fmt_chunk en Lib/wave.py en Python, hasta la versión 3.6.4, no garantiza un valor de canal nonzero, lo que permite que atacantes remotos provoquen una denegación de servicio (error de división entre cero y cierre inesperado de la aplicación) mediante un archivo de audio wav manipulado. NOTA: el vendedor informa que las aplicaciones de Python "necesitan estar preparadas para manejar una amplia variedad de excepciones". • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html https://bugs.python.org/issue32056 • CWE-369: Divide By Zero •
CVSS: 3.6EPSS: 0%CPEs: 5EXPL: 1CVE-2018-1000030
https://notcve.org/view.php?id=CVE-2018-1000030
Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. • https://github.com/tylepr96/CVE-2018-1000030 https://bugs.python.org/issue31530 https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view https://security.gentoo.org/glsa/201811-02 https://usn.ubuntu.com/3817-1 https://usn.ubuntu.com/3817-2 https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0 https://www.oracle.com/security-alerts/cpujan2020.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17522
https://notcve.org/view.php?id=CVE-2017-17522
Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting ** EN DISPUTA ** Lib/webbrowser.py en Python hasta la versión 3.6.3 no valida las cadenas antes de iniciar el programa especificado por la variable de entorno BROWSER. Esto podría permitir que atacantes remotos lleven a cabo ataques de inyección de argumentos mediante una URL manipulada. NOTA: el mantenedor del software indica que es imposible la explotación de esta vulnerabilidad debido a que el código confía en subprocess.Popen y el ajuste por defecto shell=False. • http://www.securityfocus.com/bid/102207 https://bugs.python.org/issue32367 https://security-tracker.debian.org/tracker/CVE-2017-17522 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0CVE-2017-1000158
https://notcve.org/view.php?id=CVE-2017-1000158
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) CPython (también conocido como Python) hasta la versión 2.7.13 es vulnerable a un desbordamiento de enteros en la función PyString_DecodeEscape en stringobject.c, lo que resulta en un desbordamiento de búfer basado en memoria dinámica (heap) y, posiblemente, la ejecución de código arbitrario. • http://www.securitytracker.com/id/1039890 https://bugs.python.org/issue30657 https://lists.debian.org/debian-lts-announce/2017/11/msg00035.html https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html https://security.gentoo.org/glsa/201805-02 https://security.netapp.com/advisory/ntap-20230216-0001 https://www.debian.org/security/2018/ • CWE-190: Integer Overflow or Wraparound •