CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-42919 – python: local privilege escalation via the multiprocessing forkserver start method
https://notcve.org/view.php?id=CVE-2022-42919
Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. • https://github.com/python/cpython/compare/v3.10.8...v3.10.9 https://github.com/python/cpython/compare/v3.9.15...v3.9.16 https://github.com/python/cpython/issues/97514 https://github.com/python/cpython/issues/97514#issuecomment-1310277840 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKGCQPIVHEAIJ77R3RSNSQWYBUDVWDKU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2LHWWEI5OBQ6RELULMVU6KMDYG4WZXH https://lists.fedo • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 3%CPEs: 15EXPL: 1CVE-2022-37454 – XKCP: buffer overflow in the SHA-3 reference implementation
https://notcve.org/view.php?id=CVE-2022-37454
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. La implementación de referencia de Keccak XKCP SHA-3 versiones anteriores a fdc6fef, presenta un desbordamiento de enteros y un desbordamiento de búfer resultante que permite a atacantes ejecutar código arbitrario o eliminar las propiedades criptográficas esperadas. Esto ocurre en la interfaz de la función sponge A flaw was found in the Keccak XKCP SHA-3 reference implementation. The sponge function interface allows partial input data to be processed, and partial output to be produced. • https://csrc.nist.gov/projects/hash-functions/sha-3-project https://eprint.iacr.org/2023/331 https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658 https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org&# • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 2CVE-2022-39227 – Python-jwt subject to Authentication Bypass by Spoofing
https://notcve.org/view.php?id=CVE-2022-39227
python-jwt is a module for generating and verifying JSON Web Tokens. Versions prior to 3.3.4 are subject to Authentication Bypass by Spoofing, resulting in identity spoofing, session hijacking or authentication bypass. An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may for example enable the attacker to spoof other user's identities, hijack their sessions, or bypass authentication. Users should upgrade to version 3.3.4. • https://github.com/user0x1337/CVE-2022-39227 https://github.com/NoSpaceAvailable/CVE-2022-39227 https://github.com/davedoesdev/python-jwt/commit/88ad9e67c53aa5f7c43ec4aa52ed34b7930068c9 https://github.com/davedoesdev/python-jwt/security/advisories/GHSA-5p8v-58qm-c7fp https://github.com/pypa/advisory-database/blob/main/vulns/python-jwt/PYSEC-2022-259.yaml https://www.vicarius.io/vsociety/posts/authentication-bypass-in-python-jwt • CWE-290: Authentication Bypass by Spoofing •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-38887
https://notcve.org/view.php?id=CVE-2022-38887
The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The democritus-strings package. The affected version is 0.1.0. d8s-python para python, tal y como es distribuido en PyPI, incluía una potencial puerta trasera de ejecución de código insertada por un tercero. El paquete democritus-strings. La versión afectada es 0.1.0 • https://github.com/democritus-project/d8s-python/issues/36 https://pypi.org/project/d8s-python https://pypi.org/project/democritus-strings • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0CVE-2020-10735 – python: int() type in PyLong_FromString() does not limit amount of digits converting text to int leading to DoS
https://notcve.org/view.php?id=CVE-2020-10735
A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en python. En los algoritmos con complejidad de tiempo cuadrática que usan bases no binarias, cuando es usada int("text"), un sistema podría tardar 50ms en analizar una cadena int con 100.000 dígitos y 5s para 1.000.000 de dígitos (float, decimal, int.from_bytes(), e int() para bases binarias 2, 4, 8, 16, y 32 no están afectados). • http://www.openwall.com/lists/oss-security/2022/09/21/1 http://www.openwall.com/lists/oss-security/2022/09/21/4 https://access.redhat.com/security/cve/CVE-2020-10735 https://bugzilla.redhat.com/show_bug.cgi?id=1834423 https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y https://github.com/python/cpython/issues/95778 https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fed • CWE-400: Uncontrolled Resource Consumption CWE-704: Incorrect Type Conversion or Cast •