CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-6507 – Groups not dropped before running subprocess when using empty 'extra_groups' parameter
https://notcve.org/view.php?id=CVE-2023-6507
08 Dec 2023 — An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list. Thi... • https://github.com/python/cpython/commit/10e9bb13b8dcaa414645b9bd10718d8f7179e82b • CWE-269: Improper Privilege Management •
CVSS: 8.6EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40217 – python: TLS handshake bypass
https://notcve.org/view.php?id=CVE-2023-40217
25 Aug 2023 — An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This da... • https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html • CWE-305: Authentication Bypass by Primary Weakness •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-41105 – python: file path truncation at \0 characters
https://notcve.org/view.php?id=CVE-2023-41105
23 Aug 2023 — An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x. Python 3.11 os.path.normpath() function is vulnerable to path truncation if a null byte is inserted in the middle of passed path. This may ... • https://github.com/JawadPy/CVE-2023-41105-Exploit • CWE-158: Improper Neutralization of Null Byte or NUL Character CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-48560 – python: use after free in heappushpop() of heapq module
https://notcve.org/view.php?id=CVE-2022-48560
22 Aug 2023 — A use-after-free exists in Python through 3.9 via heappushpop in heapq. A use-after-free vulnerability was found in Python via the heappushpop function in the heapq module. This flaw allows an attacker to submit a specially crafted request, causing a service disruption that leads to a denial of service attack. It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. • https://bugs.python.org/issue39421 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-48564 – python: DoS when processing malformed Apple Property List files in binary format
https://notcve.org/view.php?id=CVE-2022-48564
22 Aug 2023 — read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. A vulnerability was found in the Python core plistlib library within the read_ints() function in the plistlib.py file. In malformed input, the implementation can be manipulated to create an argument for struct.unpack(). This issue can lead to excessive CPU and memory consumption, resulting in a MemError, as it constructs the... • https://bugs.python.org/issue42103 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 4%CPEs: 5EXPL: 2CVE-2022-48565 – python: XML External Entity in XML processing plistlib module
https://notcve.org/view.php?id=CVE-2022-48565
22 Aug 2023 — An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. A flaw was found in Python caused by improper handling of XML external entity (XXE) declarations by the plistlib module. By using a specially crafted XML content, an attacker could obtain sensitive information by disclosing files specified by parsing URI, and may cause denial of service by resource exhaustion. It was discovered ... • https://github.com/Einstein2150/CVE-2022-48565-POC • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 1CVE-2022-48566 – Ubuntu Security Notice USN-6891-1
https://notcve.org/view.php?id=CVE-2022-48566
22 Aug 2023 — An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 18.04 LTS. • https://bugs.python.org/issue40791 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-38898
https://notcve.org/view.php?id=CVE-2023-38898
15 Aug 2023 — An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in which an adversary can call _asyncio._swap_current_task but does not already have the ability to call arbitrary functions; and (3) there are no common scenarios in which sensitive information, which is not al... • https://github.com/python/cpython/issues/105987 •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 1CVE-2023-36632
https://notcve.org/view.php?id=CVE-2023-36632
25 Jun 2023 — The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or e... • https://docs.python.org/3/library/email.html • CWE-674: Uncontrolled Recursion •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33595
https://notcve.org/view.php?id=CVE-2023-33595
07 Jun 2023 — CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c. • https://github.com/python/cpython/issues/103824 • CWE-416: Use After Free •