Page 17 of 2305 results (0.008 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

CVE-2023-41105 – python: file path truncation at \0 characters

https://notcve.org/view.php?id=CVE-2023-41105

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x. Python 3.11 os.path.normpath() function is vulnerable to path truncation if a null byte is inserted in the middle of passed path. This may result in bypass of allow lists if implemented before the verification of the path. • https://github.com/JawadPy/CVE-2023-41105-Exploit https://github.com/python/cpython/issues/106242 https://github.com/python/cpython/pull/107981 https://github.com/python/cpython/pull/107982 https://github.com/python/cpython/pull/107983 https://mail.python.org/archives/list/security-announce%40python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD https://security.netapp.com/advisory/ntap-20231006-0015 https://access.redhat.com/security/cve/CVE-2023-41105 https://bugzilla.redhat.com/show_bug.cgi&# • CWE-158: Improper Neutralization of Null Byte or NUL Character CWE-426: Untrusted Search Path •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2023-31102 – 7-Zip 7Z File Parsing Integer Underflow Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2023-31102

Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive. 7-Zip hasta 22.01 en Linux permite un desbordamiento de números enteros y la ejecución de código a través de un archivo 7Z manipulado. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 7Z files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://ds-security.com/post/integer-overflow-in-7-zip-cve-2023-31102 https://security.netapp.com/advisory/ntap-20231110-0007 https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269 https://www.7-zip.org/download.html https://www.zerodayinitiative.com/advisories/ZDI-23-1165 • CWE-191: Integer Underflow (Wrap or Wraparound) •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1

CVE-2022-48564 – python: DoS when processing malformed Apple Property List files in binary format

https://notcve.org/view.php?id=CVE-2022-48564

read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. A vulnerability was found in the Python core plistlib library within the read_ints() function in the plistlib.py file. In malformed input, the implementation can be manipulated to create an argument for struct.unpack(). This issue can lead to excessive CPU and memory consumption, resulting in a MemError, as it constructs the 'format' argument for unpack(). This flaw allows an attacker to employ a binary plist input, potentially executing a denial of service (DoS) attack by exhausting CPU and RAM resources. • https://bugs.python.org/issue42103 https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html https://security.netapp.com/advisory/ntap-20230929-0009 https://access.redhat.com/security/cve/CVE-2022-48564 https://bugzilla.redhat.com/show_bug.cgi?id=2249750 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 1

CVE-2022-48566

https://notcve.org/view.php?id=CVE-2022-48566

An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. • https://bugs.python.org/issue40791 https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html https://security.netapp.com/advisory/ntap-20231006-0013 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1

CVE-2022-48064

https://notcve.org/view.php?id=CVE-2022-48064

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M https://security.netapp.com/advisory/ntap-20231006-0008 https://sourceware.org/bugzilla/show_bug.cgi?id=29922 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git • CWE-770: Allocation of Resources Without Limits or Throttling •