CVE-2012-0876 – expat: hash table collisions CPU usage DoS
https://notcve.org/view.php?id=CVE-2012-0876
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. El analizador XML (xmlparse.c) en expat antes de v2.1.0 calcula los valores de hash sin restringir la capacidad de desencadenar colisiones hash de forma predecible, lo que permite causar una denegación de servicio (por consumo de CPU) a atacantes dependientes de contexto a través de un archivo XML con muchos identificadores con el mismo valor. A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. • http://bugs.python.org/issue13703#msg151870 http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html http://rhn.redhat.com/errata/RHSA-2012-0731.html http://rhn.redhat.com/errata/RHSA-2016-0062.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://secunia.com/advisories/49504 http://secunia.com/advisories/51024 • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •
CVE-2011-1521 – urllib2): Improper management of ftp:// and file:// URL schemes (Issue #11662)
https://notcve.org/view.php?id=CVE-2011-1521
The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs. Los módulos urllib y urllib2 en Python v2.x anteriores a v2.7.2 y v3.x anteriores a v3.2.1 procesan los encabezados de ubicación que especificar la redirección del fichero: URLs, lo que hace que sea más fácil para los atacantes remotos obtener información sensible o provocar una denegación de servicio (consumo de recursos) a través de una URL manipulada, como lo demuestra lso ficheros URLs: //etc/passwd y //dev/zero. • http://bugs.python.org/issue11662 http://hg.python.org/cpython/file/96a6c128822b/Misc/NEWS http://hg.python.org/cpython/file/b2934d98dac1/Misc/NEWS http://hg.python.org/cpython/rev/96a6c128822b http://hg.python.org/cpython/rev/b2934d98dac1 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html http://openwall.com/lists/oss-security/2011/03/24/5 http://openwall.com/lists/oss-secur • CWE-399: Resource Management Errors •
CVE-2010-3492
https://notcve.org/view.php?id=CVE-2010-3492
The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections. El módulo asyncore en Python anterior a v3.2 no controla correctamente llamadas fallidas a la función accept, y no tiene la documentación adjunta que describa cómo las aplicaciones demonio atienden las llamadas sin éxito a la función accept, lo cual facilita a atacantes remotos realizar ataques de denegación de servicio que terminan estas aplicaciones a través de conexiones de red. • http://bugs.python.org/issue6706 http://www.mandriva.com/security/advisories?name=MDVSA-2010:215 http://www.mandriva.com/security/advisories?name=MDVSA-2010:216 http://www.openwall.com/lists/oss-security/2010/09/09/6 http://www.openwall.com/lists/oss-security/2010/09/11/2 http://www.openwall.com/lists/oss-security/2010/09/22/3 http://www.openwall.com/lists/oss-security/2010/09/24/3 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Ad •
CVE-2010-1634 – python: audioop: incorrect integer overflow checks
https://notcve.org/view.php?id=CVE-2010-1634
Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5. Múltiples desbordamientos de entero en audioop.c en el módulo audioop en Python v2.6, v2.7, v3.1 y v3.2, permite a atacantes dependientes del contexto provocar una denegación de servicio (caída de aplicación) a través de un fragmento largo, como se ha demostrado mediante una llamada audiolop.lin2lin con una cadena larga en el primer argumento, llevando a cabo un desbordamiento de búfer. NOTA: esta vulnerabilidad existe por un incorrecto parcheado para la CVE-2008-3143.5. • http://bugs.python.org/issue8674 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/39937 http://secunia.com/advisories/40194 http://secunia.com/advisories/42888 http://secunia.com/advisories/43068 http://sec • CWE-190: Integer Overflow or Wraparound •
CVE-2010-2089 – Python 3.2 - 'audioop' Module Memory Corruption
https://notcve.org/view.php?id=CVE-2010-2089
The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634. El módulo audioop en Python v2.7 y v3.2 no verifica las relaciones entre tamaños de argumentos y longitud de cadenas de byte, lo que permite a atacantes de contexto causar una denegación de servicio (corrupción de memoria y caída de programa) a través de argumentos manipulados, como queda demostrado por una llamada a audioop.reverse con una cadena de un byte, una vulnerabilidad diferente que CVE-2010-1634. • https://www.exploit-db.com/exploits/34145 http://bugs.python.org/issue7673 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40194 http://secunia.com/advisories/42888 http://secunia.com/advisories/43068 http:& • CWE-787: Out-of-bounds Write •