CVE-2022-26488
https://notcve.org/view.php?id=CVE-2022-26488
In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2. • https://mail.python.org/archives/list/security-announce%40python.org/thread/657Z4XULWZNIY5FRP3OWXHYKUSIH6DMN https://security.netapp.com/advisory/ntap-20220419-0005 • CWE-426: Untrusted Search Path •
CVE-2022-0391 – python: urllib.parse does not sanitize URLs containing ASCII newline and tabs
https://notcve.org/view.php?id=CVE-2022-0391
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. • https://bugs.python.org/issue43882 https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U https://security.gentoo.org/glsa/202305-02 https://security.netapp.com/advisory/ntap-20220225-0009 https://www.oracle.com/security-alerts/cpuapr2022.html https://access. • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2022-22816 – python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c
https://notcve.org/view.php?id=CVE-2022-22816
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. La función path_getbbox en el archivo path.c en Pillow versiones anteriores a 9.0.0, presenta una lectura excesiva del buffer durante la inicialización de ImagePath.Path A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image paths, leading to a buffer over-read and improper initialization. This flaw allows an attacker to unauthorized memory access that causes memory access errors, incorrect results, or crashes. • https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331 https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling https://security.gentoo.org/glsa/202211-10 https://www.debian.org/security/2022/dsa-5053 https://access.redhat.com/security/cve/CVE-2022-22816 https://bugzilla.redhat.com/show_bug.cgi?id=2042522 • CWE-125: Out-of-bounds Read •
CVE-2022-22817 – python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions
https://notcve.org/view.php?id=CVE-2022-22817
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used. PIL.ImageMath.eval en Pillow antes de la versión 9.0.0 permite la evaluación de expresiones arbitrarias, como las que utilizan el método exec de Python. También se puede utilizar una expresión lambda, A flaw was found in python-pillow. The vulnerability occurs due to Improper Neutralization, leading to command injection. • https://github.com/JawadPy/CVE-2022-22817-Exploit https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security https://security.gentoo.org/glsa/202211-10 https://www.debian.org/security/2022/dsa-5053 https://access.redhat.com/se • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2022-22815 – python-pillow: improperly initializes ImagePath.Path in path_getbbox() in path.c
https://notcve.org/view.php?id=CVE-2022-22815
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. La función path_getbbox en el archivo path.c en Pillow versiones anteriores a 9.0.0 inicializa incorrectamente ImagePath.Path A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image paths, leading to improperly initializing the ImagePath. This flaw allows an attacker to access unauthorized memory that causes memory access errors, incorrect results, or crashes. • https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331 https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling https://security.gentoo.org/glsa/202211-10 https://www.debian.org/security/2022/dsa-5053 https://access.redhat.com/security/cve/CVE-2022-22815 https://bugzilla.redhat.com/show_bug.cgi?id=2042511 • CWE-665: Improper Initialization CWE-909: Missing Initialization of Resource •