CVE-2020-25659 – python-cryptography: Bleichenbacher timing oracle attack against RSA decryption
https://notcve.org/view.php?id=CVE-2020-25659
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. python-cryptography versión 3.2, es vulnerable a ataques de sincronización de Bleichenbacher en la API de descifrado RSA, por medio del procesamiento cronometrado de texto cifrado PKCS#1 v1.5 válido A flaw was found in python-cryptography, where it is vulnerable to Bleichenbacher timing attacks. This flaw allows an attacker, via the RSA decryption API, to decrypt parts of the ciphertext encrypted with RSA. The highest threat from this vulnerability is to confidentiality. • https://github.com/pyca/cryptography/pull/5507/commits/ce1bef6f1ee06ac497ca0c837fbd1c7ef6c2472b https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2020-25659 https://bugzilla.redhat.com/show_bug.cgi?id=1889988 • CWE-385: Covert Timing Channel •
CVE-2020-27619 – python: Unsafe use of eval() on data retrieved via HTTP in the test suite
https://notcve.org/view.php?id=CVE-2020-27619
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. En Python versiones 3 hasta 3.9.0, las pruebas del códec CJK del archivo Lib/test/multibytecodec_support.py llaman a la función eval() en el contenido recuperado por medio de HTTP In Python3's Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. • https://bugs.python.org/issue41944 https://github.com/python/cpython/commit/2ef5caa58febc8968e670e39e3d37cf8eef3cab8 https://github.com/python/cpython/commit/43e523103886af66d6c27cd72431b5d9d14cd2a9 https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33 https://github.com/python/cpython/commit/b664a1df4ee71d3760ab937653b10997081b1794 https://github.com/python/cpython/commit/e912e945f2960029d039d3390ea08835ad39374b https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https:/ • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVE-2020-26116 – python: CRLF injection via HTTP request method in httplib/http.client
https://notcve.org/view.php?id=CVE-2020-26116
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. http.client en Python 3.x antes de la versión 3.5.10, 3.6.x antes de la versión 3.6.12, 3.7.x antes de la versión 3.7.9, y 3.8.x antes de la versión 3.8.5 permite la inyección de CRLF si el atacante controla el método de petición HTTP, como se demuestra insertando caracteres de control CR y LF en el primer argumento de HTTPConnection.request A flaw was found in Python. The built-in modules httplib and http.client (included in Python 2 and Python 3, respectively) do not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation to the request by injecting additional HTTP headers. The highest threat from this vulnerability is to confidentiality and integrity. • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00027.html https://bugs.python.org/issue39603 https://lists.debian.org/debian-lts-announce/2020/11/msg00032.html https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BW4GCLQISJCOEGQNIMVUZDQMIY6RR6CC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDQ2THWU4GPV4Y5H5WW5PFMSWXL2CRFD https://lists.fedoraproject.org/ • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVE-2020-14422 – python: DoS via inefficiency in IPv{4,6}Interface classes
https://notcve.org/view.php?id=CVE-2020-14422
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2. La biblioteca Lib/ipaddress.py en Python versiones hasta 3.8.3, calcula inapropiadamente los valores de hash en las clases IPv4Interface e IPv6Interface, lo que podría permitir a un atacante remoto causar una denegación de servicio si una aplicación está afectada por el desempeño de un diccionario que contiene objetos de IPv4Interface o IPv6Interface, y este atacante puede causar que muchas entradas de diccionario sean creadas. Esto esta corregido en las versiones: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2 A vulnerability was found in the way the ipaddress python module computes hash values in the IPv4Interface and IPv6Interface classes. This flaw allows an attacker to create many dictionary entries, due to the performance of a dictionary containing the IPv4Interface or IPv6Interface objects, possibly resulting in a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00041.html https://bugs.python.org/issue41004 https://github.com/python/cpython/pull/20956 https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html https://lists.debian.org/debian-lts-announce/2023/ • CWE-330: Use of Insufficiently Random Values CWE-400: Uncontrolled Resource Consumption CWE-682: Incorrect Calculation •
CVE-2019-9674
https://notcve.org/view.php?id=CVE-2019-9674
Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. La biblioteca Lib/zipfile.py en Python versiones hasta 3.7.2, permite a atacantes remotos causar una denegación de servicio (consumo de recursos) por medio de una bomba ZIP. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00041.html https://bugs.python.org/issue36260 https://bugs.python.org/issue36462 https://github.com/python/cpython/blob/master/Lib/zipfile.py https://python-security.readthedocs.io/security.html#archives-and-zip-bomb https://security.netapp.com/advisory/ntap-20200221-0003 https://usn.ubuntu.com/4428-1 https://www.python.org/news/security • CWE-400: Uncontrolled Resource Consumption •