CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-10379 – python-pillow: two buffer overflows in libImaging/TiffDecode.c due to small buffers allocated in ImagingLibTiffDecode()
https://notcve.org/view.php?id=CVE-2020-10379
In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c. En Pillow versiones anteriores a 7.1.0, se presentan dos Desbordamientos de Búfer en la biblioteca libImaging/TiffDecode.c • https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac https://github.com/python-pillow/Pillow/commits/master/src/libImaging https://github.com/python-pillow/Pillow/pull/4538 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427 https://pillow.readthedocs.io/en/stable/releasenotes/7.1&# • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0CVE-2020-10378 – python-pillow: an out-of-bounds read in libImaging/PcxDecode.c can occur when reading PCX files
https://notcve.org/view.php?id=CVE-2020-10378
In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer. En la biblioteca libImaging/PcxDecode.c en Pillow versiones anteriores a 7.1.0, puede ocurrir una lectura fuera de límites cuando se leen archivos PCX donde state->shuffle es instruido para que lea más allá de state->buffer A flaw was found in python-pillow. In libImaging/PcxDecode.c, an out-of-bounds read occurs when reading PCX files where state->shuffle is instructed to read beyond state->buffer. • https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac https://github.com/python-pillow/Pillow/commits/master/src/libImaging https://github.com/python-pillow/Pillow/pull/4538 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427 https://pillow.readthedocs.io/en/stable/releasenotes/7.1&# • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 1%CPEs: 9EXPL: 0CVE-2020-14422 – python: DoS via inefficiency in IPv{4,6}Interface classes
https://notcve.org/view.php?id=CVE-2020-14422
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2. La biblioteca Lib/ipaddress.py en Python versiones hasta 3.8.3, calcula inapropiadamente los valores de hash en las clases IPv4Interface e IPv6Interface, lo que podría permitir a un atacante remoto causar una denegación de servicio si una aplicación está afectada por el desempeño de un diccionario que contiene objetos de IPv4Interface o IPv6Interface, y este atacante puede causar que muchas entradas de diccionario sean creadas. Esto esta corregido en las versiones: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2 A vulnerability was found in the way the ipaddress python module computes hash values in the IPv4Interface and IPv6Interface classes. This flaw allows an attacker to create many dictionary entries, due to the performance of a dictionary containing the IPv4Interface or IPv6Interface objects, possibly resulting in a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00041.html https://bugs.python.org/issue41004 https://github.com/python/cpython/pull/20956 https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html https://lists.debian.org/debian-lts-announce/2023/ • CWE-330: Use of Insufficiently Random Values CWE-400: Uncontrolled Resource Consumption CWE-682: Incorrect Calculation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2020-13757 – python-rsa: decryption of ciphertext leads to DoS
https://notcve.org/view.php?id=CVE-2020-13757
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation). Python-RSA versión 4.1, ignora bytes '\0' principales durante la desencriptación del texto cifrado. Esto podría tener un impacto relevante para la seguridad, por ejemplo, al ayudar a un atacante a inferir que una aplicación utiliza Python-RSA, o si la longitud del texto cifrado aceptado afecta al comportamiento de la aplicación (por ejemplo, al causar una asignación excesiva de memoria) A flaw was found in the python-rsa package, where it does not explicitly check the ciphertext length against the key size and ignores the leading 0 bytes during the decryption of the ciphertext. This flaw allows an attacker to perform a ciphertext attack, leading to a denial of service. • https://github.com/sybrenstuvel/python-rsa/issues/146 https://github.com/sybrenstuvel/python-rsa/issues/146#issuecomment-641845667 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2KILTHBHNSDUCYV22ODLOKTICJJ7JQIQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZYB65VNILRBTXL6EITQTH2PZPK7I23MW https://usn.ubuntu.com/4478-1 https://access.redhat.com/security/cve/CVE-2020-13757 https://bugzilla.redhat.com/show_bug.cgi?id=1848507 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 2CVE-2020-13388
https://notcve.org/view.php?id=CVE-2020-13388
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used. Se presenta una vulnerabilidad explotable en la funcionalidad configuration-loading del paquete jw.util versiones anteriores a 2.3 para Python. Al cargar una configuración con las funciones FromString o FromStream con YAML, uno puede ejecutar código Python arbitrario, resultando en una ejecución de comando del Sistema Operativo, porque no es usado safe_load. • https://joel-malwarebenchmark.github.io https://joel-malwarebenchmark.github.io/blog/2020/04/27/cve-2020-13388-jw-util-vulnerability https://security.netapp.com/advisory/ntap-20200528-0002 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •