CVE-2014-7185 – python: buffer() integer overflow leading to out of bounds read
https://notcve.org/view.php?id=CVE-2014-7185
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. Desbordamiento de enteros en bufferobject.c en Python anterior a 2.7.8 permite a atacantes dependientes de contexto obtener información sensible de la memoria de procesos a través de un tamaño y desplazamiento grande en una función 'buffer'. An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash. • http://bugs.python.org/issue21831 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139663.html http://lists.opensuse.org/opensuse-updates/2014-10/msg00016.html http://rhn.redhat.com/errata/RHSA-2015-1064.html http://rhn.redhat.com/errata/RHSA-2015-1330.html http://www.openwall.com/lists/oss-security/2014/09/23/5 http://www.openwall.com/lists/oss-security/2014/09/25/47 http:/ • CWE-189: Numeric Errors CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2012-0845 – python: SimpleXMLRPCServer CPU usage DoS via malformed XML-RPC request
https://notcve.org/view.php?id=CVE-2012-0845
SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header. SimpleXMLRPCServer.py en SimpleXMLRPCServer en Python antes de v2.6.8, v2.7.x antes de v2.7.3, v3.x antes de v3.1.5, y v3.2.x antes de v3.2.x, permite a atacantes remotos provocar una denegación de servicio (bucle infinito y consumo de CPU) a través de una solicitud XML-RPC POST que contiene una cantidad de datos más pequeña que lo especificado en la cabecera Content-Length. • http://bugs.python.org/issue14001 http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://python.org/download/releases/2.6.8 http://python.org/download/releases/2.7.3 http://python.org/download/releases/3.1.5 http://python.org/download/releases/3.2.3 http://secunia.com/advisories/50858 http://secunia.com/advisories/51024 http://secunia.com/advisories/51040 http:/ • CWE-399: Resource Management Errors •
CVE-2011-4940 – python: potential XSS in SimpleHTTPServer's list_directory()
https://notcve.org/view.php?id=CVE-2011-4940
The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding. La función list_directory en lib/SimpleHTTPServer.py en SimpleHTTPServer en Python anterior a v2.5.6c1, v2.6.x anterior a v2.6.7 RC2, y v2.7.x anterior a v2.7.2 no pone un parámetro charset en la cabecera Content-Type de HTTP, lo que hace más fácil para los atacantes remotos realizar ataques XSS contra Internet Explorer 7 a través de codificación UTF-7. • http://bugs.python.org/issue11442 http://jvn.jp/en/jp/JVN51176027/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000063 http://secunia.com/advisories/50858 http://secunia.com/advisories/51024 http://secunia.com/advisories/51040 http://www.securityfocus.com/bid/54083 http://www.ubuntu.com/usn/USN-1592-1 http://www.ubuntu.com/usn/USN-1596-1 http://www.ubuntu.com/usn/USN-1613-1 http://www.ubuntu.com/usn/USN-1613-2 https://bugzilla.redhat.com/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-1150 – python: hash table collisions CPU usage DoS (oCERT-2011-003)
https://notcve.org/view.php?id=CVE-2012-1150
Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. Python anteriores a v2.6.8, v2.7.x anteriores a v2.7.3, 3.x anteriores a v3.1.5, y v3.2.x anteriores a v3.2.3 procesa los valores hash sin restringir la disponibilidad para provocar colisiones predecibles, lo que permite a atacantes dependiendo del contexto provocar una denegación de servicio (consumo de CPU) a través de una entrada manipulada sobre una aplicación que mantiene una tabla hash. • http://bugs.python.org/issue13703 http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://mail.python.org/pipermail/python-dev/2011-December/115116.html http://mail.python.org/pipermail/python-dev/2012-January/115892.html http://python.org/download/releases/2.6.8 http://python.org/download/releases/2.7.3 http://python.org/download/releases/3.1.5 http://python.org/download/ • CWE-310: Cryptographic Issues •
CVE-2010-3492
https://notcve.org/view.php?id=CVE-2010-3492
The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections. El módulo asyncore en Python anterior a v3.2 no controla correctamente llamadas fallidas a la función accept, y no tiene la documentación adjunta que describa cómo las aplicaciones demonio atienden las llamadas sin éxito a la función accept, lo cual facilita a atacantes remotos realizar ataques de denegación de servicio que terminan estas aplicaciones a través de conexiones de red. • http://bugs.python.org/issue6706 http://www.mandriva.com/security/advisories?name=MDVSA-2010:215 http://www.mandriva.com/security/advisories?name=MDVSA-2010:216 http://www.openwall.com/lists/oss-security/2010/09/09/6 http://www.openwall.com/lists/oss-security/2010/09/11/2 http://www.openwall.com/lists/oss-security/2010/09/22/3 http://www.openwall.com/lists/oss-security/2010/09/24/3 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Ad •