CVSS: 8.6EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40217 – python: TLS handshake bypass
https://notcve.org/view.php?id=CVE-2023-40217
25 Aug 2023 — An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This da... • https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html • CWE-305: Authentication Bypass by Primary Weakness •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-48560 – python: use after free in heappushpop() of heapq module
https://notcve.org/view.php?id=CVE-2022-48560
22 Aug 2023 — A use-after-free exists in Python through 3.9 via heappushpop in heapq. A use-after-free vulnerability was found in Python via the heappushpop function in the heapq module. This flaw allows an attacker to submit a specially crafted request, causing a service disruption that leads to a denial of service attack. It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. • https://bugs.python.org/issue39421 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-48564 – python: DoS when processing malformed Apple Property List files in binary format
https://notcve.org/view.php?id=CVE-2022-48564
22 Aug 2023 — read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. A vulnerability was found in the Python core plistlib library within the read_ints() function in the plistlib.py file. In malformed input, the implementation can be manipulated to create an argument for struct.unpack(). This issue can lead to excessive CPU and memory consumption, resulting in a MemError, as it constructs the... • https://bugs.python.org/issue42103 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 4%CPEs: 5EXPL: 2CVE-2022-48565 – python: XML External Entity in XML processing plistlib module
https://notcve.org/view.php?id=CVE-2022-48565
22 Aug 2023 — An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. A flaw was found in Python caused by improper handling of XML external entity (XXE) declarations by the plistlib module. By using a specially crafted XML content, an attacker could obtain sensitive information by disclosing files specified by parsing URI, and may cause denial of service by resource exhaustion. It was discovered ... • https://github.com/Einstein2150/CVE-2022-48565-POC • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 1CVE-2022-48566 – Ubuntu Security Notice USN-6891-1
https://notcve.org/view.php?id=CVE-2022-48566
22 Aug 2023 — An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 18.04 LTS. • https://bugs.python.org/issue40791 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-36632
https://notcve.org/view.php?id=CVE-2023-36632
25 Jun 2023 — The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or e... • https://docs.python.org/3/library/email.html • CWE-674: Uncontrolled Recursion •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2023-27043 – python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple
https://notcve.org/view.php?id=CVE-2023-27043
18 Apr 2023 — The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python. USN-7015-1 fixed... • http://python.org • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 1%CPEs: 13EXPL: 5CVE-2023-24329 – python: urllib.parse url blocklisting bypass
https://notcve.org/view.php?id=CVE-2023-24329
17 Feb 2023 — An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity. Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containeri... • https://github.com/JawadPy/CVE-2023-24329-Exploit • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 1CVE-2022-45061 – python: CPU denial of service via inefficient IDNA decoder
https://notcve.org/view.php?id=CVE-2022-45061
09 Nov 2022 — An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostna... • https://github.com/python/cpython/issues/98433 • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •
CVSS: 7.0EPSS: 0%CPEs: 13EXPL: 1CVE-2022-26488
https://notcve.org/view.php?id=CVE-2022-26488
07 Mar 2022 — In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) t... • https://github.com/techspence/PyPATHPwner • CWE-426: Untrusted Search Path •