Search criteria
33 vulnerabilities
CVE-2025-12084 (GCVE-0-2025-12084)
Vulnerability from cvelistv5 – Published: 2025-12-03 18:55 – Updated: 2025-12-03 19:14
VLAI?
Summary
When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.
Severity ?
CWE
- CWE-407 - Inefficient Algorithmic Complexity
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.15.0
(python)
|
Credits
Jacob Walls
Shai Berger
Natalia Bidart
Seth Larson
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12084",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T19:13:23.548683Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-407",
"description": "CWE-407 Inefficient Algorithmic Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T19:14:59.450Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.15.0",
"status": "affected",
"version": "0",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Jacob Walls"
},
{
"lang": "en",
"type": "reporter",
"value": "Shai Berger"
},
{
"lang": "en",
"type": "reporter",
"value": "Natalia Bidart"
},
{
"lang": "en",
"type": "coordinator",
"value": "Seth Larson"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "When building nested elements using \u003ccode\u003exml.dom.minidom\u003c/code\u003e methods such as \u003ccode\u003e\u003ccode\u003eappendChild()\u003c/code\u003e\u003c/code\u003e that have a dependency on \u003ccode\u003e_clear_id_cache()\u003c/code\u003e the algorithm is quadratic. Availability can be impacted when building excessively nested documents."
}
],
"value": "When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T19:01:38.366Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/142146"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/142145"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Quadratic complexity in node ID cache clearing",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-12084",
"datePublished": "2025-12-03T18:55:32.222Z",
"dateReserved": "2025-10-22T16:06:55.078Z",
"dateUpdated": "2025-12-03T19:14:59.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13837 (GCVE-0-2025-13837)
Vulnerability from cvelistv5 – Published: 2025-12-01 18:13 – Updated: 2025-12-02 17:42
VLAI?
Summary
When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues
Severity ?
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.13.10
(python)
Affected: 3.14.0 , < 3.14.1 (python) Affected: 3.15.0a1 , < 3.15.0 (python) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13837",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T18:23:28.615317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T18:23:49.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"plistlib"
],
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.13.10",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.14.1",
"status": "affected",
"version": "3.14.0",
"versionType": "python"
},
{
"lessThan": "3.15.0",
"status": "affected",
"version": "3.15.0a1",
"versionType": "python"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues"
}
],
"value": "When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 2.1,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T17:42:56.740Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/119343"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/119342"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-memory when loading Plist",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-13837",
"datePublished": "2025-12-01T18:13:32.739Z",
"dateReserved": "2025-12-01T17:54:41.439Z",
"dateUpdated": "2025-12-02T17:42:56.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13836 (GCVE-0-2025-13836)
Vulnerability from cvelistv5 – Published: 2025-12-01 18:02 – Updated: 2025-12-02 18:29
VLAI?
Summary
When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.
Severity ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.14.1
(python)
Affected: 3.15.0a1 , < 3.15.0 (python) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13836",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T18:32:37.506031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T18:29:21.886Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"http.client"
],
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.14.1",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.15.0",
"status": "affected",
"version": "3.15.0a1",
"versionType": "python"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS."
}
],
"value": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T17:42:51.160Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/119451"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/119454"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Excessive read buffering DoS in http.client",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-13836",
"datePublished": "2025-12-01T18:02:38.483Z",
"dateReserved": "2025-12-01T17:54:40.759Z",
"dateUpdated": "2025-12-02T18:29:21.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-6075 (GCVE-0-2025-6075)
Vulnerability from cvelistv5 – Published: 2025-10-31 16:41 – Updated: 2025-12-02 17:43
VLAI?
Summary
If the value passed to os.path.expandvars() is user-controlled a
performance degradation is possible when expanding environment
variables.
Severity ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.13.10
(python)
Affected: 3.14.0 , < 3.14.1 (python) Affected: 3.15.0a1 , < 3.15.0a2 (python) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6075",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T17:54:46.289107Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T17:55:40.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.13.10",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.14.1",
"status": "affected",
"version": "3.14.0",
"versionType": "python"
},
{
"lessThan": "3.15.0a2",
"status": "affected",
"version": "3.15.0a1",
"versionType": "python"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.14.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eIf the value passed to os.path.expandvars() is user-controlled a \nperformance degradation is possible when expanding environment \nvariables.\u003c/div\u003e"
}
],
"value": "If the value passed to os.path.expandvars() is user-controlled a \nperformance degradation is possible when expanding environment \nvariables."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 1.8,
"baseSeverity": "LOW",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T17:43:40.508Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/136065"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/2e6150adccaaf5bd95d4c19dfd04a36e0b325d8c"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/631ba3407e3348ccd56ce5160c4fb2c5dc5f4d84"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/892747b4cf0f95ba8beb51c0d0658bfaa381ebca"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/9ab89c026aa9611c4b0b67c288b8303a480fe742"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/c8a5f3435c342964e0a432cc9fb448b7dbecd1ba"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/f029e8db626ddc6e3a3beea4eff511a71aaceb5c"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/5dceb93486176e6b4a6d9754491005113eb23427"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Quadratic complexity in os.path.expandvars() with user-controlled template",
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-6075",
"datePublished": "2025-10-31T16:41:34.983Z",
"dateReserved": "2025-06-13T15:05:20.139Z",
"dateUpdated": "2025-12-02T17:43:40.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8291 (GCVE-0-2025-8291)
Vulnerability from cvelistv5 – Published: 2025-10-07 18:10 – Updated: 2025-12-02 17:43
VLAI?
Summary
The 'zipfile' module would not check the validity of the ZIP64 End of
Central Directory (EOCD) Locator record offset value would not be used to
locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be
assumed to be the previous record in the ZIP archive. This could be abused
to create ZIP archives that are handled differently by the 'zipfile' module
compared to other ZIP implementations.
Remediation maintains this behavior, but checks that the offset specified
in the ZIP64 EOCD Locator record matches the expected value.
Severity ?
4.3 (Medium)
CWE
- CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.9.24
(python)
Affected: 3.10.0 , < 3.10.19 (python) Affected: 3.11.0 , < 3.11.14 (python) Affected: 3.12.0 , < 3.12.12 (python) Affected: 3.13.0 , < 3.13.10 (python) Affected: 3.14.0 , < 3.14.1 (python) |
Credits
Caleb Brown (Google)
Serhiy Storchaka
Seth Larson
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8291",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-29T15:15:06.403842Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1285",
"description": "CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T15:15:27.172Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/psf/advisory-database/blob/main/advisories/python/PSF-2025-12.json"
},
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://github.com/google/security-research/security/advisories/GHSA-hhv7-p4pg-wm6p"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.9.24",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.10.19",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.14",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.12",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.10",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.1",
"status": "affected",
"version": "3.14.0",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Caleb Brown (Google)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Serhiy Storchaka"
},
{
"lang": "en",
"type": "coordinator",
"value": "Seth Larson"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe \u0027zipfile\u0027 module would not check the validity of the ZIP64 End of\nCentral Directory (EOCD) Locator record offset value would not be used to\nlocate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be\nassumed to be the previous record in the ZIP archive. This could be abused\nto create ZIP archives that are handled differently by the \u0027zipfile\u0027 module\ncompared to other ZIP implementations.\u003c/p\u003e\n\u003cp\u003eRemediation maintains this behavior, but checks that the offset specified\nin the ZIP64 EOCD Locator record matches the expected value.\u003c/p\u003e"
}
],
"value": "The \u0027zipfile\u0027 module would not check the validity of the ZIP64 End of\nCentral Directory (EOCD) Locator record offset value would not be used to\nlocate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be\nassumed to be the previous record in the ZIP archive. This could be abused\nto create ZIP archives that are handled differently by the \u0027zipfile\u0027 module\ncompared to other ZIP implementations.\n\n\nRemediation maintains this behavior, but checks that the offset specified\nin the ZIP64 EOCD Locator record matches the expected value."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T17:43:54.139Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/139702"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/139700"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/1d29afb0d6218aa8fb5e1e4a6133a4778d89bb46"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/76437ac248ad8ca44e9bf697b02b1e2241df2196"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/8392b2f0d35678407d9ce7d95655a5b77de161b4"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/bca11ae7d575d87ed93f5dd6a313be6246e3e388"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/d11e69d6203080e3ec450446bfed0516727b85c3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ZIP64 End of Central Directory (EOCD) Locator record offset not checked",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-8291",
"datePublished": "2025-10-07T18:10:05.908Z",
"dateReserved": "2025-07-28T21:05:06.237Z",
"dateUpdated": "2025-12-02T17:43:54.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8869 (GCVE-0-2025-8869)
Vulnerability from cvelistv5 – Published: 2025-09-24 14:56 – Updated: 2025-11-03 17:45
VLAI?
Summary
When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706.
Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python version that implements PEP 706.
Note that this is a vulnerability in pip's fallback implementation of tar extraction for Python versions that don't implement PEP 706
and therefore are not secure to all vulnerabilities in the Python 'tarfile' module. If you're using a Python version that implements PEP 706
then pip doesn't use the "vulnerable" fallback code.
Mitigations include upgrading to a version of pip that includes the fix, upgrading to a Python version that implements PEP 706 (Python >=3.9.17, >=3.10.12, >=3.11.4, or >=3.12),
applying the linked patch, or inspecting source distributions (sdists) before installation as is already a best-practice.
Severity ?
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Packaging Authority | pip |
Affected:
0 , < 25.3
(python)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8869",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T19:47:29.080800Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T19:48:16.755Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:45:31.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pypi.org/project/pip",
"defaultStatus": "unaffected",
"packageName": "pip",
"product": "pip",
"repo": "https://github.com/pypa/pip",
"vendor": "Python Packaging Authority",
"versions": [
{
"lessThan": "25.3",
"status": "affected",
"version": "0",
"versionType": "python"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn\u0027t implement PEP 706.\u003cbr\u003eNote that upgrading pip to a \"fixed\" version for this vulnerability doesn\u0027t fix all known vulnerabilities that are remediated by using a Python version that implements PEP 706.\u003cbr\u003e\u003cbr\u003eNote that this is a vulnerability in pip\u0027s fallback implementation of tar extraction for Python versions that don\u0027t implement PEP 706\u003cbr\u003eand therefore are not secure to all vulnerabilities in the Python \u0027tarfile\u0027 module. If you\u0027re using a Python version that implements PEP 706\u003cbr\u003ethen pip doesn\u0027t use the \"vulnerable\" fallback code.\u003cbr\u003e\u003cbr\u003eMitigations include upgrading to a version of pip that includes the fix, upgrading to a Python version that implements PEP 706 (Python \u0026gt;=3.9.17, \u0026gt;=3.10.12, \u0026gt;=3.11.4, or \u0026gt;=3.12),\u003cbr\u003eapplying the linked patch, or inspecting source distributions (sdists) before installation as is already a best-practice."
}
],
"value": "When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn\u0027t implement PEP 706.\nNote that upgrading pip to a \"fixed\" version for this vulnerability doesn\u0027t fix all known vulnerabilities that are remediated by using a Python version that implements PEP 706.\n\nNote that this is a vulnerability in pip\u0027s fallback implementation of tar extraction for Python versions that don\u0027t implement PEP 706\nand therefore are not secure to all vulnerabilities in the Python \u0027tarfile\u0027 module. If you\u0027re using a Python version that implements PEP 706\nthen pip doesn\u0027t use the \"vulnerable\" fallback code.\n\nMitigations include upgrading to a version of pip that includes the fix, upgrading to a Python version that implements PEP 706 (Python \u003e=3.9.17, \u003e=3.10.12, \u003e=3.11.4, or \u003e=3.12),\napplying the linked patch, or inspecting source distributions (sdists) before installation as is already a best-practice."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T14:57:34.790Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/pypa/pip/pull/13550"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Fallback tar extraction in pip doesn\u0027t check symbolic links point to extraction directory",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-8869",
"datePublished": "2025-09-24T14:56:56.027Z",
"dateReserved": "2025-08-11T15:55:10.199Z",
"dateUpdated": "2025-11-03T17:45:31.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8194 (GCVE-0-2025-8194)
Vulnerability from cvelistv5 – Published: 2025-07-28 18:42 – Updated: 2025-11-04 22:06
VLAI?
Summary
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives.
This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1
Severity ?
7.5 (High)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.9.24
(python)
Affected: 3.10.0 , < 3.10.19 (python) Affected: 3.11.0 , < 3.11.14 (python) Affected: 3.12.0 , < 3.12.12 (python) Affected: 3.13.0 , < 3.13.6 (python) Affected: 3.14.0a1 , < 3.14.0rc2 (python) |
Credits
Alexander Urieles
Seth Larson
Ethan Furman
Steve Dower
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8194",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T18:57:54.114655Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T18:57:59.093Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T22:06:48.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/07/28/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/07/28/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.9.24",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.10.19",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.14",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.12",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.6",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.0rc2",
"status": "affected",
"version": "3.14.0a1",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Alexander Urieles"
},
{
"lang": "en",
"type": "coordinator",
"value": "Seth Larson"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Ethan Furman"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Steve Dower"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is a defect in the CPython \u201ctarfile\u201d module affecting the \u201cTarFile\u201d extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. \u003cbr\u003e\u003cbr\u003eThis vulnerability can be mitigated by including the following patch after importing the \u201ctarfile\u201d module:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1\"\u003ehttps://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1\u003c/a\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "There is a defect in the CPython \u201ctarfile\u201d module affecting the \u201cTarFile\u201d extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. \n\nThis vulnerability can be mitigated by including the following patch after importing the \u201ctarfile\u201d module:\u00a0 https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T18:38:02.590Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/130577"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/137027"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/7040aa54f14676938970e10c5f74ea93cd56aa38"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/cdae923ffe187d6ef916c0f665a31249619193fe"
},
{
"tags": [
"mitigation"
],
"url": "https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/c9d9f78feb1467e73fd29356c040bde1c104f29f"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/fbc2a0ca9ac8aff6887f8ddf79b87b4510277227"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/57f5981d6260ed21266e0c26951b8564cc252bc2"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/73f03e4808206f71eb6b92c579505a220942ef19"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/b4ec17488eedec36d3c05fec127df71c0071f6cb"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Tarfile infinite loop during parsing with negative member offset",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-8194",
"datePublished": "2025-07-28T18:42:44.847Z",
"dateReserved": "2025-07-25T14:05:55.899Z",
"dateUpdated": "2025-11-04T22:06:48.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-6069 (GCVE-0-2025-6069)
Vulnerability from cvelistv5 – Published: 2025-06-17 13:39 – Updated: 2025-10-09 18:37
VLAI?
Summary
The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.
Severity ?
4.3 (Medium)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.9.24
(python)
Affected: 3.10.0 , < 3.10.19 (python) Affected: 3.11.0 , < 3.11.14 (python) Affected: 3.12.0 , < 3.12.12 (python) Affected: 3.13.0 , < 3.13.6 (python) Affected: 3.14.0a1 , < 3.14.0b3 (python) |
Credits
Serhiy Storchaka
Jake Howard
sw0rd1ight
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6069",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T13:58:28.646020Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T13:58:41.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"html.parser"
],
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.9.24",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.10.19",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.14",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.12",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.6",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.0b3",
"status": "affected",
"version": "3.14.0a1",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "remediation developer",
"value": "Serhiy Storchaka"
},
{
"lang": "en",
"type": "reporter",
"value": "Jake Howard"
},
{
"lang": "en",
"type": "finder",
"value": "sw0rd1ight"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service."
}
],
"value": "The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333 Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T18:37:55.979Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/135462"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/135464"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/8d1b3dfa09135affbbf27fb8babcf3c11415df49"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/ab0893fd5c579d9cea30841680e6d35fc478afb5"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/f3c6f882cddc8dc30320d2e73edf019e201394fc"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/fdc9d214c01cb4588f540cfa03726bbf2a33fc15"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HTMLParser quadratic complexity when processing malformed inputs",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-6069",
"datePublished": "2025-06-17T13:39:46.058Z",
"dateReserved": "2025-06-13T14:05:15.473Z",
"dateUpdated": "2025-10-09T18:37:55.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12718 (GCVE-0-2024-12718)
Vulnerability from cvelistv5 – Published: 2025-06-03 12:59 – Updated: 2025-07-24 15:57
VLAI?
Summary
Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory.
You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don't include the extraction filter feature.
Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected.
Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.
Severity ?
5.3 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.9.23
(python)
Affected: 3.10.0 , < 3.10.18 (python) Affected: 3.11.0 , < 3.11.13 (python) Affected: 3.12.0 , < 3.12.11 (python) Affected: 3.13.0 , < 3.13.4 (python) Affected: 3.14.0a1 , < 3.14.0b3 (python) |
Credits
Jakub Wilk
Seth Larson
Petr Viktorin
Serhiy Storchaka
Hugo van Kemenade
Łukasz Langa
Thomas Wouters
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12718",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T15:57:41.217375Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T15:57:58.221Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/python/cpython/issues/127987"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.9.23",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.10.18",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.13",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.11",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.4",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.0b3",
"status": "affected",
"version": "3.14.0a1",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Jakub Wilk"
},
{
"lang": "en",
"type": "coordinator",
"value": "Seth Larson"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Petr Viktorin"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Serhiy Storchaka"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Hugo van Kemenade"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "\u0141ukasz Langa"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Thomas Wouters"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAllows modifying some file metadata (e.g. last modified) with \u003c/span\u003e\u003ccode\u003efilter=\"data\"\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;or file permissions (chmod) with \u003c/span\u003e\u003ccode\u003efilter=\"tar\"\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;of files outside the extraction directory.\u003cbr\u003e\u003cp\u003eYou are affected by this vulnerability if using the \u003ccode\u003etarfile\u003c/code\u003e\u0026nbsp;module to extract untrusted tar archives using \u003ccode\u003eTarFile.extractall()\u003c/code\u003e\u0026nbsp;or \u003ccode\u003eTarFile.extract()\u003c/code\u003e\u0026nbsp;using the \u003ccode\u003efilter=\u003c/code\u003e\u0026nbsp;parameter with a value of \u003ccode\u003e\"data\"\u003c/code\u003e\u0026nbsp;or \u003ccode\u003e\"tar\"\u003c/code\u003e. See the tarfile \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter\"\u003eextraction filters documentation\u003c/a\u003e\u0026nbsp;for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don\u0027t include the extraction filter feature.\u003c/p\u003e\u003cp\u003eNote that for Python 3.14 or later the default value of \u003ccode\u003efilter=\u003c/code\u003e\u0026nbsp;changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\u003c/p\u003e\u003cp\u003eNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links.\u003c/p\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Allows modifying some file metadata (e.g. last modified) with filter=\"data\"\u00a0or file permissions (chmod) with filter=\"tar\"\u00a0of files outside the extraction directory.\nYou are affected by this vulnerability if using the tarfile\u00a0module to extract untrusted tar archives using TarFile.extractall()\u00a0or TarFile.extract()\u00a0using the filter=\u00a0parameter with a value of \"data\"\u00a0or \"tar\". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter \u00a0for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don\u0027t include the extraction filter feature.\n\nNote that for Python 3.14 or later the default value of filter=\u00a0changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\n\nNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T17:34:47.214Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/135034"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/135037"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/127987"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
},
{
"tags": [
"mitigation"
],
"url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Bypass extraction filter to modify file metadata outside extraction directory",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2024-12718",
"datePublished": "2025-06-03T12:59:10.908Z",
"dateReserved": "2024-12-17T17:04:51.209Z",
"dateUpdated": "2025-07-24T15:57:58.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4435 (GCVE-0-2025-4435)
Vulnerability from cvelistv5 – Published: 2025-06-03 12:59 – Updated: 2025-07-07 17:36
VLAI?
Summary
When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped.
Severity ?
7.5 (High)
CWE
- CWE-682 - Incorrect Calculation
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.9.23
(python)
Affected: 3.10.0 , < 3.10.18 (python) Affected: 3.11.0 , < 3.11.13 (python) Affected: 3.12.0 , < 3.12.11 (python) Affected: 3.13.0 , < 3.13.4 (python) Affected: 3.14.0a1 , < 3.14.0b3 (python) |
Credits
Chuck Woodraska
Petr Viktorin
Serhiy Storchaka
Hugo van Kemenade
Łukasz Langa
Thomas Wouters
Seth Larson
Matt Prodani
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4435",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-03T13:58:00.099450Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-682",
"description": "CWE-682 Incorrect Calculation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:34:40.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"tarfile"
],
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.9.23",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.10.18",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.13",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.11",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.4",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.0b3",
"status": "affected",
"version": "3.14.0a1",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Chuck Woodraska"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Petr Viktorin"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Serhiy Storchaka"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Hugo van Kemenade"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "\u0141ukasz Langa"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Thomas Wouters"
},
{
"lang": "en",
"type": "coordinator",
"value": "Seth Larson"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Matt Prodani"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen using a \u003c/span\u003e\u003ccode\u003eTarFile.errorlevel = 0\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of \u003c/span\u003e\u003ccode\u003eTarFile.errorlevel = 0\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;in affected versions is that the member would still be extracted and not skipped.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "When using a TarFile.errorlevel = 0\u00a0and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0\u00a0in affected versions is that the member would still be extracted and not skipped."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T17:36:13.968Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/135034"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/135037"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Tarfile extracts filtered members when errorlevel=0",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-4435",
"datePublished": "2025-06-03T12:59:06.792Z",
"dateReserved": "2025-05-08T15:05:11.874Z",
"dateUpdated": "2025-07-07T17:36:13.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4138 (GCVE-0-2025-4138)
Vulnerability from cvelistv5 – Published: 2025-06-03 12:59 – Updated: 2025-07-07 17:36
VLAI?
Summary
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata.
You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information.
Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected.
Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.9.23
(python)
Affected: 3.10.0 , < 3.10.18 (python) Affected: 3.11.0 , < 3.11.13 (python) Affected: 3.12.0 , < 3.12.11 (python) Affected: 3.13.0 , < 3.13.4 (python) Affected: 3.14.0a1 , < 3.14.0b3 (python) |
Credits
Caleb Brown (Google)
Petr Viktorin
Serhiy Storchaka
Hugo van Kemenade
Łukasz Langa
Thomas Wouters
Seth Larson
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4138",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-03T13:29:22.889454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T13:29:36.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"tarfile"
],
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.9.23",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.10.18",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.13",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.11",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.4",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.0b3",
"status": "affected",
"version": "3.14.0a1",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Caleb Brown (Google)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Petr Viktorin"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Serhiy Storchaka"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Hugo van Kemenade"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "\u0141ukasz Langa"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Thomas Wouters"
},
{
"lang": "en",
"type": "coordinator",
"value": "Seth Larson"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAllows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eYou are affected by this vulnerability if using the \u003ccode\u003etarfile\u003c/code\u003e\u0026nbsp;module to extract untrusted tar archives using \u003ccode\u003eTarFile.extractall()\u003c/code\u003e\u0026nbsp;or \u003ccode\u003eTarFile.extract()\u003c/code\u003e\u0026nbsp;using the \u003ccode\u003efilter=\u003c/code\u003e\u0026nbsp;parameter with a value of \u003ccode\u003e\"data\"\u003c/code\u003e\u0026nbsp;or \u003ccode\u003e\"tar\"\u003c/code\u003e. See the tarfile \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter\"\u003eextraction filters documentation\u003c/a\u003e\u0026nbsp;for more information.\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eNote that for Python 3.14 or later the default value of \u003c/span\u003e\u003ccode\u003efilter=\u003c/code\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\u003c/span\u003e\u003c/p\u003e\u003cp\u003eNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata.\n\n\nYou are affected by this vulnerability if using the tarfile\u00a0module to extract untrusted tar archives using TarFile.extractall()\u00a0or TarFile.extract()\u00a0using the filter=\u00a0parameter with a value of \"data\"\u00a0or \"tar\". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter \u00a0for more information.\n\nNote that for Python 3.14 or later the default value of filter=\u00a0changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\n\nNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T17:36:01.739Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/135034"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/135037"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
},
{
"tags": [
"mitigation"
],
"url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-4138",
"datePublished": "2025-06-03T12:59:02.717Z",
"dateReserved": "2025-04-30T13:35:55.675Z",
"dateUpdated": "2025-07-07T17:36:01.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4330 (GCVE-0-2025-4330)
Vulnerability from cvelistv5 – Published: 2025-06-03 12:58 – Updated: 2025-07-07 17:36
VLAI?
Summary
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata.
You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information.
Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected.
Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.9.23
(python)
Affected: 3.10.0 , < 3.10.18 (python) Affected: 3.11.0 , < 3.11.13 (python) Affected: 3.12.0 , < 3.12.11 (python) Affected: 3.13.0 , < 3.13.4 (python) Affected: 3.14.0a1 , < 3.14.0b3 (python) |
Credits
Caleb Brown (Google)
Petr Viktorin
Serhiy Storchaka
Hugo van Kemenade
Łukasz Langa
Thomas Wouters
Seth Larson
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4330",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-03T13:27:07.778910Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T13:24:45.824Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"tarfile"
],
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.9.23",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.10.18",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.13",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.11",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.4",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.0b3",
"status": "affected",
"version": "3.14.0a1",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Caleb Brown (Google)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Petr Viktorin"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Serhiy Storchaka"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Hugo van Kemenade"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "\u0141ukasz Langa"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Thomas Wouters"
},
{
"lang": "en",
"type": "coordinator",
"value": "Seth Larson"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAllows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eYou are affected by this vulnerability if using the \u003ccode\u003etarfile\u003c/code\u003e\u0026nbsp;module to extract untrusted tar archives using \u003ccode\u003eTarFile.extractall()\u003c/code\u003e\u0026nbsp;or \u003ccode\u003eTarFile.extract()\u003c/code\u003e\u0026nbsp;using the \u003ccode\u003efilter=\u003c/code\u003e\u0026nbsp;parameter with a value of \u003ccode\u003e\"data\"\u003c/code\u003e\u0026nbsp;or \u003ccode\u003e\"tar\"\u003c/code\u003e. See the tarfile \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter\"\u003eextraction filters documentation\u003c/a\u003e\u0026nbsp;for more information.\u003c/p\u003e\u003cp\u003eNote that for Python 3.14 or later the default value of \u003ccode\u003efilter=\u003c/code\u003e\u0026nbsp;changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\u003c/p\u003e\u003cp\u003eNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links.\u003cbr\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata.\n\n\nYou are affected by this vulnerability if using the tarfile\u00a0module to extract untrusted tar archives using TarFile.extractall()\u00a0or TarFile.extract()\u00a0using the filter=\u00a0parameter with a value of \"data\"\u00a0or \"tar\". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter \u00a0for more information.\n\nNote that for Python 3.14 or later the default value of filter=\u00a0changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\n\nNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T17:36:07.725Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/135034"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/135037"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
},
{
"tags": [
"mitigation"
],
"url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Extraction filter bypass for linking outside extraction directory",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-4330",
"datePublished": "2025-06-03T12:58:57.452Z",
"dateReserved": "2025-05-05T15:05:14.302Z",
"dateUpdated": "2025-07-07T17:36:07.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4517 (GCVE-0-2025-4517)
Vulnerability from cvelistv5 – Published: 2025-06-03 12:58 – Updated: 2025-10-24 03:55
VLAI?
Summary
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data".
You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information.
Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected.
Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.
Severity ?
9.4 (Critical)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.9.23
(python)
Affected: 3.10.0 , < 3.10.18 (python) Affected: 3.11.0 , < 3.11.13 (python) Affected: 3.12.0 , < 3.12.11 (python) Affected: 3.13.0 , < 3.13.4 (python) Affected: 3.14.0a1 , < 3.14.0b3 (python) |
Credits
Caleb Brown (Google)
Petr Viktorin
Serhiy Storchaka
Hugo van Kemenade
Łukasz Langa
Thomas Wouters
Seth Larson
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-24T03:55:17.500Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"tarfile"
],
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.9.23",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.10.18",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.13",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.11",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.4",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.0b3",
"status": "affected",
"version": "3.14.0a1",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Caleb Brown (Google)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Petr Viktorin"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Serhiy Storchaka"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Hugo van Kemenade"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "\u0141ukasz Langa"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Thomas Wouters"
},
{
"lang": "en",
"type": "coordinator",
"value": "Seth Larson"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAllows arbitrary filesystem writes outside the extraction directory during extraction with \u003c/span\u003e\u003ccode\u003efilter=\"data\"\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eYou are affected by this vulnerability if using the \u003ccode\u003etarfile\u003c/code\u003e\u0026nbsp;module to extract untrusted tar archives using \u003ccode\u003eTarFile.extractall()\u003c/code\u003e\u0026nbsp;or \u003ccode\u003eTarFile.extract()\u003c/code\u003e\u0026nbsp;using the \u003ccode\u003efilter=\u003c/code\u003e\u0026nbsp;parameter with a value of \u003ccode\u003e\"data\"\u003c/code\u003e\u0026nbsp;or \u003ccode\u003e\"tar\"\u003c/code\u003e. See the tarfile \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter\"\u003eextraction filters documentation\u003c/a\u003e\u0026nbsp;for more information.\u003c/p\u003e\u003cp\u003eNote that for Python 3.14 or later the default value of \u003ccode\u003efilter=\u003c/code\u003e\u0026nbsp;changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\u003c/p\u003e\u003cp\u003eNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Allows arbitrary filesystem writes outside the extraction directory during extraction with filter=\"data\".\n\n\nYou are affected by this vulnerability if using the tarfile\u00a0module to extract untrusted tar archives using TarFile.extractall()\u00a0or TarFile.extract()\u00a0using the filter=\u00a0parameter with a value of \"data\"\u00a0or \"tar\". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter \u00a0for more information.\n\nNote that for Python 3.14 or later the default value of filter=\u00a0changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\n\nNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T17:36:26.194Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/135034"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/135037"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
},
{
"tags": [
"mitigation"
],
"url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arbitrary writes via tarfile realpath overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-4517",
"datePublished": "2025-06-03T12:58:50.352Z",
"dateReserved": "2025-05-09T15:05:07.139Z",
"dateUpdated": "2025-10-24T03:55:17.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4516 (GCVE-0-2025-4516)
Vulnerability from cvelistv5 – Published: 2025-05-15 13:29 – Updated: 2025-06-03 20:53
VLAI?
Summary
There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.9.23
(python)
Affected: 3.10.0 , < 3.10.18 (python) Affected: 3.11.0 , < 3.11.13 (python) Affected: 3.12.0 , < 3.12.11 (python) Affected: 3.13.0 , < 3.13.4 (python) Affected: 3.14.0a1 , < 3.14.0b2 (python) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4516",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T14:18:44.612125Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T14:18:50.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-05-19T10:03:31.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/05/16/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/05/19/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.9.23",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.10.18",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.13",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.11",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.4",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.0b2",
"status": "affected",
"version": "3.14.0a1",
"versionType": "python"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is an issue in CPython when using `bytes.decode(\"unicode_escape\", error=\"ignore|replace\")`. If you are not using the \"unicode_escape\" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError."
}
],
"value": "There is an issue in CPython when using `bytes.decode(\"unicode_escape\", error=\"ignore|replace\")`. If you are not using the \"unicode_escape\" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T20:53:33.583Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/133767"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/129648"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/4398b788ffc1f954a2c552da285477d42a571292"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/6279eb8c076d89d3739a6edb393e43c7929b429d"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/73b3040f592436385007918887b7e2132aa8431f"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/8d35fd1b34935221aff23a1ab69a429dd156be77"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/ab9893c40609935e0d40a6d2a7307ea51aec598b"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use-after-free in \"unicode_escape\" decoder with error handler",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-4516",
"datePublished": "2025-05-15T13:29:20.126Z",
"dateReserved": "2025-05-09T14:59:53.878Z",
"dateUpdated": "2025-06-03T20:53:33.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1795 (GCVE-0-2025-1795)
Vulnerability from cvelistv5 – Published: 2025-02-28 18:59 – Updated: 2025-12-01 19:01
VLAI?
Summary
During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted by some mail servers.
Severity ?
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.9.23
(python)
Affected: 3.10.0 , < 3.10.17 (python) Affected: 3.11.0 , < 3.11.9 (python) Affected: 3.12.0 , < 3.12.3 (python) Affected: 3.13.0a1 , < 3.13.0a5 (python) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1795",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T20:30:47.670593Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T20:32:56.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:57:12.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"email"
],
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.9.23",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.10.17",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.9",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.3",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.0a5",
"status": "affected",
"version": "3.13.0a1",
"versionType": "python"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted by some mail servers."
}
],
"value": "During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted by some mail servers."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T19:01:01.034Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/100884"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/100885"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/119099"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/a4ef689ce670684ec132204b1cd03720c8e0a03d"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/d4df3c55e4c5513947f907f24766b34d2ae8c090"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Mishandling of comma during folding and unicode-encoding of email headers",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-1795",
"datePublished": "2025-02-28T18:59:31.784Z",
"dateReserved": "2025-02-28T18:49:37.957Z",
"dateUpdated": "2025-12-01T19:01:01.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-3220 (GCVE-0-2024-3220)
Vulnerability from cvelistv5 – Published: 2025-02-14 16:18 – Updated: 2025-03-14 10:03
VLAI?
Summary
There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the incorrect file type.
This defect is caused by the default locations of Linux and macOS platforms (such as “/etc/mime.types”) also being used on Windows, where they are user-writable locations (“C:\etc\mime.types”).
To work-around this issue a user can call mimetypes.init() with an empty list (“[]”) on Windows platforms to avoid using the default list of known file locations.
Severity ?
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.14.0
(python)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3220",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-14T16:46:00.511698Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-14T16:46:05.095Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-03-14T10:03:04.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/02/14/8"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250314-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.14.0",
"status": "affected",
"version": "0",
"versionType": "python"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is a defect in the CPython standard library module \u201cmimetypes\u201d where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the incorrect file type.\u003cbr\u003e\u003cbr\u003eThis defect is caused by the default locations of Linux and macOS platforms (such as \u201c/etc/mime.types\u201d) also being used on Windows, where they are user-writable locations (\u201cC:\\etc\\mime.types\u201d).\u003cbr\u003e\u003cbr\u003eTo work-around this issue a user can call mimetypes.init() with an empty list (\u201c[]\u201d) on Windows platforms to avoid using the default list of known file locations."
}
],
"value": "There is a defect in the CPython standard library module \u201cmimetypes\u201d where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the incorrect file type.\n\nThis defect is caused by the default locations of Linux and macOS platforms (such as \u201c/etc/mime.types\u201d) also being used on Windows, where they are user-writable locations (\u201cC:\\etc\\mime.types\u201d).\n\nTo work-around this issue a user can call mimetypes.init() with an empty list (\u201c[]\u201d) on Windows platforms to avoid using the default list of known file locations."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-14T16:18:00.918Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/CDXW34ND2LSAOYAR5N6UNONP4ZBX4D6R/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Default mimetype known files writeable on Windows",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2024-3220",
"datePublished": "2025-02-14T16:18:00.918Z",
"dateReserved": "2024-04-02T18:08:09.733Z",
"dateUpdated": "2025-03-14T10:03:04.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0938 (GCVE-0-2025-0938)
Vulnerability from cvelistv5 – Published: 2025-01-31 17:51 – Updated: 2025-11-03 20:56
VLAI?
Summary
The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.9.22
(python)
Affected: 3.10.0 , < 3.10.17 (python) Affected: 3.11.0 , < 3.11.12 (python) Affected: 3.12.0 , < 3.12.9 (python) Affected: 3.13.0 , < 3.13.2 (python) Affected: 3.14.0a1 , < 3.14.0a5 (python) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0938",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:50:16.654297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:50:29.327Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:56:43.285Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250314-0002/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.9.22",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.10.17",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.12",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.9",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.2",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.0a5",
"status": "affected",
"version": "3.14.0a1",
"versionType": "python"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn\u0027t valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.\u003cbr\u003e"
}
],
"value": "The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn\u0027t valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T17:35:52.426Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/105704"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/129418"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/K4EUG6EKV6JYFIC24BASYOZS4M5XOQIB/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/90e526ae67b172ed7c6c56e7edad36263b0f9403"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/a7084f6075c9595ba60119ce8c62f1496f50c568"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/526617ed68cde460236c973e5d0a8bad4de896ba"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/b8b4b713c5f8ec0958c7ef8d29d6711889bc94ab"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/ff4e5c25666f63544071a6b075ae8b25c98b7a32"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "URL parser allowed square brackets in domain names",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-0938",
"datePublished": "2025-01-31T17:51:35.898Z",
"dateReserved": "2025-01-31T17:45:10.107Z",
"dateUpdated": "2025-11-03T20:56:43.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-12254 (GCVE-0-2024-12254)
Vulnerability from cvelistv5 – Published: 2024-12-06 15:19 – Updated: 2025-04-04 23:03
VLAI?
Summary
Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines()
method would not "pause" writing and signal to the Protocol to drain
the buffer to the wire once the write buffer reached the "high-water
mark". Because of this, Protocols would not periodically drain the write
buffer potentially leading to memory exhaustion.
This
vulnerability likely impacts a small number of users, you must be using
Python 3.12.0 or later, on macOS or Linux, using the asyncio module
with protocols, and using .writelines() method which had new
zero-copy-on-write behavior in Python 3.12.0 and later. If not all of
these factors are true then your usage of Python is unaffected.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
3.12.0 , < 3.12.9
(python)
Affected: 3.13.0 , < 3.13.2 (python) Affected: 3.14.0a1 , < 3.14.0a3 (python) |
Credits
J. Nick Koston
Seth Larson
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cpython",
"vendor": "python_software_foundation",
"versions": [
{
"lessThan": "3.14.0a1",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-12254",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T15:35:11.234951Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T16:54:28.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-04-04T23:03:00.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/12/06/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250404-0010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"asyncio"
],
"platforms": [
"MacOS",
"Linux"
],
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.12.9",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.2",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.0a3",
"status": "affected",
"version": "3.14.0a1",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "J. Nick Koston"
},
{
"lang": "en",
"type": "coordinator",
"value": "Seth Larson"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eStarting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines()\n method would not \"pause\" writing and signal to the Protocol to drain \nthe buffer to the wire once the write buffer reached the \"high-water \nmark\". Because of this, Protocols would not periodically drain the write\n buffer potentially leading to memory exhaustion.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis\n vulnerability likely impacts a small number of users, you must be using\n Python 3.12.0 or later, on macOS or Linux, using the asyncio module \nwith protocols, and using .writelines() method which had new \nzero-copy-on-write behavior in Python 3.12.0 and later. If not all of \nthese factors are true then your usage of Python is unaffected.\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines()\n method would not \"pause\" writing and signal to the Protocol to drain \nthe buffer to the wire once the write buffer reached the \"high-water \nmark\". Because of this, Protocols would not periodically drain the write\n buffer potentially leading to memory exhaustion.\n\n\n\n\n\nThis\n vulnerability likely impacts a small number of users, you must be using\n Python 3.12.0 or later, on macOS or Linux, using the asyncio module \nwith protocols, and using .writelines() method which had new \nzero-copy-on-write behavior in Python 3.12.0 and later. If not all of \nthese factors are true then your usage of Python is unaffected."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T20:38:34.082Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/127655"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/127656"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/H4O3UBAOAQQXGT4RE3E4XQYR5XLROORB/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/71e8429ac8e2adc10084ab5ec29a62f4b6671a82"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/9aa0deb2eef2655a1029ba228527b152353135b5"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/e991ac8f2037d78140e417cc9a9486223eb3e786"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unbounded memory buffering in SelectorSocketTransport.writelines()",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2024-12254",
"datePublished": "2024-12-06T15:19:41.576Z",
"dateReserved": "2024-12-05T16:17:55.154Z",
"dateUpdated": "2025-04-04T23:03:00.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11168 (GCVE-0-2024-11168)
Vulnerability from cvelistv5 – Published: 2024-11-12 21:22 – Updated: 2025-11-03 21:51
VLAI?
Summary
The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.9.21
(python)
Affected: 3.10.0 , < 3.10.16 (python) Affected: 3.11.0 , < 3.11.4 (python) Affected: 3.12.0a1 , < 3.12.0b1 (python) |
Credits
zer0yu (IPASSLab && ZGC Lab)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cpython",
"vendor": "python_software_foundation",
"versions": [
{
"lessThan": "3.11.4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "3.12.0b1",
"status": "affected",
"version": "3.12.0a1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-11168",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T15:09:42.748084Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T17:59:48.232Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:51:45.721Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250411-0004/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.9.21",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.10.16",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.4",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.0b1",
"status": "affected",
"version": "3.12.0a1",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zer0yu (IPASSLab \u0026\u0026 ZGC Lab)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren\u0027t IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.\u003cbr\u003e"
}
],
"value": "The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren\u0027t IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/AU:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T20:29:59.700Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/103849"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/103848"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/634ded45545ce8cbd6fd5d49785613dd7fa9b89e"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/ddca2953191c67a12b1f19d6bca41016c6ae7132"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper validation of IPv6 and IPvFuture addresses",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2024-11168",
"datePublished": "2024-11-12T21:22:23.438Z",
"dateReserved": "2024-11-12T21:13:15.779Z",
"dateUpdated": "2025-11-03T21:51:45.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-9287 (GCVE-0-2024-9287)
Vulnerability from cvelistv5 – Published: 2024-10-22 16:34 – Updated: 2025-11-03 22:33
VLAI?
Summary
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.
Severity ?
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.9.21
(python)
Affected: 3.10.0 , < 3.10.16 (python) Affected: 3.11.0 , < 3.11.11 (python) Affected: 3.12.0 , < 3.12.8 (python) Affected: 3.13.0 , < 3.13.1 (python) Affected: 3.14.0a1 , < 3.14.0a2 (python) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cpython",
"vendor": "python",
"versions": [
{
"lessThanOrEqual": "3.13.0",
"status": "affected",
"version": "0",
"versionType": "python"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9287",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T03:55:30.029Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:33:21.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250425-0006/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"venv"
],
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.9.21",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.10.16",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.11",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.8",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.1",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.0a2",
"status": "affected",
"version": "3.14.0a1",
"versionType": "python"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts (ie \"source venv/bin/activate\"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren\u0027t activated before being used (ie \"./venv/bin/python\") are not affected.\u003cbr\u003e"
}
],
"value": "A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts (ie \"source venv/bin/activate\"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren\u0027t activated before being used (ie \"./venv/bin/python\") are not affected."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T19:55:27.648Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/124651"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/124712"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/633555735a023d3e4d92ba31da35b1205f9ecbd7"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/8450b2482586857d689b6658f08de9c8179af7db"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/9286ab3a107ea41bd3f3c3682ce2512692bdded8"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/d48cc82ed25e26b02eb97c6263d95dcaa1e9111b"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Virtual environment (venv) activation scripts don\u0027t quote paths",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2024-9287",
"datePublished": "2024-10-22T16:34:39.210Z",
"dateReserved": "2024-09-27T14:48:44.181Z",
"dateUpdated": "2025-11-03T22:33:21.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-6232 (GCVE-0-2024-6232)
Vulnerability from cvelistv5 – Published: 2024-09-03 12:29 – Updated: 2025-11-03 22:32
VLAI?
Summary
There is a MEDIUM severity vulnerability affecting CPython.
Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
Severity ?
7.5 (High)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.8.20
(python)
Affected: 3.9.0 , < 3.9.20 (python) Affected: 3.10.0 , < 3.10.15 (python) Affected: 3.11.0 , < 3.11.10 (python) Affected: 3.12.0 , < 3.12.6 (python) Affected: 3.13.0a1 , < 3.13.0rc2 (python) |
Credits
Elias Joakim Myllymäki
Seth Larson
Seth Larson
Gregory P. Smith
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cpython",
"vendor": "python",
"versions": [
{
"lessThan": "3.8.20",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "3.9.20",
"status": "affected",
"version": "3.9.0",
"versionType": "custom"
},
{
"lessThan": "3.10.15",
"status": "affected",
"version": "3.10.0",
"versionType": "custom"
},
{
"lessThan": "3.11.10",
"status": "affected",
"version": "3.11.0",
"versionType": "custom"
},
{
"lessThan": "3.12.6",
"status": "affected",
"version": "3.12.0",
"versionType": "custom"
},
{
"lessThan": "3.13.0rc2",
"status": "affected",
"version": "3.13.0a1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-6232",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T15:24:31.176254Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T18:02:26.275Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:32:42.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/09/03/5"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241018-0007/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.8.20",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.9.20",
"status": "affected",
"version": "3.9.0",
"versionType": "python"
},
{
"lessThan": "3.10.15",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.10",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.6",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.0rc2",
"status": "affected",
"version": "3.13.0a1",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Elias Joakim Myllym\u00e4ki"
},
{
"lang": "en",
"type": "coordinator",
"value": "Seth Larson"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Seth Larson"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Gregory P. Smith"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eThere is a MEDIUM severity vulnerability affecting CPython.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eRegular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.\u0026nbsp; \u003c/div\u003e"
}
],
"value": "There is a MEDIUM severity vulnerability affecting CPython.\n\n\n\n\n\nRegular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333 Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T19:54:59.572Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/121286"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/121285"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/34ddb64d088dd7ccc321f6103d23153256caa5d4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Regular-expression DoS when parsing TarFile headers",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2024-6232",
"datePublished": "2024-09-03T12:29:00.102Z",
"dateReserved": "2024-06-20T21:01:55.524Z",
"dateUpdated": "2025-11-03T22:32:42.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-8088 (GCVE-0-2024-8088)
Vulnerability from cvelistv5 – Published: 2024-08-22 18:45 – Updated: 2025-11-03 22:32
VLAI?
Summary
There is a HIGH severity vulnerability affecting the CPython "zipfile"
module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected.
When iterating over names of entries in a zip archive (for example, methods
of "zipfile.Path" like "namelist()", "iterdir()", etc)
the process can be put into an infinite loop with a maliciously crafted
zip archive. This defect applies when reading only metadata or extracting
the contents of the zip archive. Programs that are not handling
user-controlled zip archives are not affected.
Severity ?
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.8.20
(python)
Affected: 3.9.0 , < 3.9.20 (python) Affected: 3.10.0 , < 3.10.15 (python) Affected: 3.11.0 , < 3.11.10 (python) Affected: 3.12.0 , < 3.12.6 (python) Affected: 3.13.0a1 , < 3.13.0rc2 (python) |
Credits
Jason R. Coombs
Seth Larson
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:32:54.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/08/22/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/08/22/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/08/23/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/08/23/2"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241011-0010/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cpython",
"vendor": "python_software_foundation",
"versions": [
{
"lessThanOrEqual": "3.13.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8088",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-23T17:18:49.209334Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T17:32:19.819Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.8.20",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.9.20",
"status": "affected",
"version": "3.9.0",
"versionType": "python"
},
{
"lessThan": "3.10.15",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.10",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.6",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.0rc2",
"status": "affected",
"version": "3.13.0a1",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "remediation developer",
"value": "Jason R. Coombs"
},
{
"lang": "en",
"type": "coordinator",
"value": "Seth Larson"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eThere is a HIGH severity vulnerability affecting the CPython \"zipfile\"\nmodule affecting \"zipfile.Path\". Note that the more common API \"zipfile.ZipFile\" class is unaffected.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eWhen iterating over names of entries in a zip archive (for example, methods\nof \"zipfile.Path\" like \"namelist()\", \"iterdir()\", etc)\nthe process can be put into an infinite loop with a maliciously crafted\nzip archive. This defect applies when reading only metadata or extracting\nthe contents of the zip archive. Programs that are not handling\nuser-controlled zip archives are not affected.\u003c/div\u003e"
}
],
"value": "There is a HIGH severity vulnerability affecting the CPython \"zipfile\"\nmodule affecting \"zipfile.Path\". Note that the more common API \"zipfile.ZipFile\" class is unaffected.\n\n\n\n\n\nWhen iterating over names of entries in a zip archive (for example, methods\nof \"zipfile.Path\" like \"namelist()\", \"iterdir()\", etc)\nthe process can be put into an infinite loop with a maliciously crafted\nzip archive. This defect applies when reading only metadata or extracting\nthe contents of the zip archive. Programs that are not handling\nuser-controlled zip archives are not affected."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-07T18:23:00.951Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/122906"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/122905"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/e0264a61119d551658d9445af38323ba94fc16db"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/123270"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/2231286d78d328c2f575e0b05b16fe447d1656d6"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/7e8883a3f04d308302361aeffc73e0e9837f19d4"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/95b073bddefa6243effa08e131e297c0383e7f6a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/7bc367e464ce50b956dd232c1dfa1cad4e7fb814"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/962055268ed4f2ca1d717bfc8b6385de50a23ab7"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/fc0b8259e693caa8400fa8b6ac1e494e47ea7798"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/0aa1ee22ab6e204e9d3d0e9dd63ea648ed691ef1"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/9cd03263100ddb1657826cc4a71470786cab3932"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Infinite loop when iterating over zip archive entry names from zipfile.Path",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2024-8088",
"datePublished": "2024-08-22T18:45:31.807Z",
"dateReserved": "2024-08-22T12:42:32.661Z",
"dateUpdated": "2025-11-03T22:32:54.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-7592 (GCVE-0-2024-7592)
Vulnerability from cvelistv5 – Published: 2024-08-19 19:06 – Updated: 2025-11-03 22:32
VLAI?
Summary
There is a LOW severity vulnerability affecting CPython, specifically the
'http.cookies' standard library module.
When parsing cookies that contained backslashes for quoted characters in
the cookie value, the parser would use an algorithm with quadratic
complexity, resulting in excess CPU resources being used while parsing the
value.
Severity ?
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.8.20
(python)
Affected: 3.9.0 , < 3.9.20 (python) Affected: 3.10.0 , < 3.10.15 (python) Affected: 3.11.0 , < 3.11.10 (python) Affected: 3.12.0 , < 3.12.6 (python) Affected: 3.13.0a1 , < 3.13.0rc2 (python) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "cpython",
"vendor": "python",
"versions": [
{
"lessThan": "3.8.20",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.9.20",
"status": "affected",
"version": "3.9.0",
"versionType": "python"
},
{
"lessThan": "3.10.15",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.10",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.6",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.0rc2",
"status": "affected",
"version": "3.13.0a1",
"versionType": "python"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-7592",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T17:21:02.520596Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T20:53:12.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:32:52.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20241018-0006/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.8.20",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.9.20",
"status": "affected",
"version": "3.9.0",
"versionType": "python"
},
{
"lessThan": "3.10.15",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.10",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.6",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.0rc2",
"status": "affected",
"version": "3.13.0a1",
"versionType": "python"
}
]
}
],
"datePublic": "2024-08-16T16:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is a LOW severity vulnerability affecting CPython, specifically the\n\u0027\u003ci\u003e\u003cb\u003ehttp.cookies\u003c/b\u003e\u003c/i\u003e\u0027 standard library module.\u003c/p\u003e\n\u003cp\u003eWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "There is a LOW severity vulnerability affecting CPython, specifically the\n\u0027http.cookies\u0027 standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T19:55:12.119Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/123075"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/123067"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/391e5626e3ee5af267b97e37abc7475732e67621"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/a77ab24427a18bff817025adb03ca920dc3f1a06"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/b2f11ca7667e4d57c71c1c88b255115f16042d9a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/d4ac921a4b081f7f996a5d2b101684b67ba0ed7f"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/d662e2db2605515a767f88ad48096b8ac623c774"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/44e458357fca05ca0ae2658d62c8c595b048b5ef"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Quadratic complexity parsing cookies with backslashes",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2024-7592",
"datePublished": "2024-08-19T19:06:45.311Z",
"dateReserved": "2024-08-07T15:53:07.135Z",
"dateUpdated": "2025-11-03T22:32:52.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-6923 (GCVE-0-2024-6923)
Vulnerability from cvelistv5 – Published: 2024-08-01 13:40 – Updated: 2025-11-03 22:32
VLAI?
Summary
There is a MEDIUM severity vulnerability affecting CPython.
The
email module didn’t properly quote newlines for email headers when
serializing an email message allowing for header injection when an email
is serialized.
Severity ?
5.5 (Medium)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.8.20
(python)
Affected: 3.9.0 , < 3.9.20 (python) Affected: 3.10.0 , < 3.10.15 (python) Affected: 3.11.0 , < 3.11.10 (python) Affected: 3.12.0 , < 3.12.5 (python) Affected: 3.13.0a1 , < 3.13.0rc2 (python) |
Credits
Petr Viktorin
Seth Larson
John Whitlock
Bas Bloemsaat
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cpython",
"vendor": "python",
"versions": [
{
"lessThanOrEqual": "3.13.0rc2",
"status": "affected",
"version": "0",
"versionType": "python"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-6923",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T18:15:02.857863Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:12.965Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:32:47.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/08/01/3"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/08/02/2"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240926-0003/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00005.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"email"
],
"product": "CPython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.8.20",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.9.20",
"status": "affected",
"version": "3.9.0",
"versionType": "python"
},
{
"lessThan": "3.10.15",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.10",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.5",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.0rc2",
"status": "affected",
"version": "3.13.0a1",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "remediation developer",
"value": "Petr Viktorin"
},
{
"lang": "en",
"type": "coordinator",
"value": "Seth Larson"
},
{
"lang": "en",
"type": "reporter",
"value": "John Whitlock"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Bas Bloemsaat"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is a MEDIUM severity vulnerability affecting CPython.\u003cbr\u003e\u003cbr\u003eThe \nemail module didn\u2019t properly quote newlines for email headers when \nserializing an email message allowing for header injection when an email\n is serialized."
}
],
"value": "There is a MEDIUM severity vulnerability affecting CPython.\n\nThe \nemail module didn\u2019t properly quote newlines for email headers when \nserializing an email message allowing for header injection when an email\n is serialized."
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T19:55:06.174Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/122233"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/121650"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/4766d1200fdf8b6728137aa2927a297e224d5fa7"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/4aaa4259b5a6e664b7316a4d60bdec7ee0f124d0"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/06f28dc236708f72871c64d4bc4b4ea144c50147"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/b158a76ce094897c870fb6b3de62887b7ccc33f1"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/f7be505d137a22528cb0fc004422c0081d5d90e6"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/f7c0f09e69e950cf3c5ada9dbde93898eb975533"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/097633981879b3c9de9a1dd120d3aa585ecc2384"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Email header injection due to unquoted newlines",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2024-6923",
"datePublished": "2024-08-01T13:40:11.069Z",
"dateReserved": "2024-07-19T15:32:46.458Z",
"dateUpdated": "2025-11-03T22:32:47.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-3219 (GCVE-0-2024-3219)
Vulnerability from cvelistv5 – Published: 2024-07-29 21:54 – Updated: 2025-05-02 23:02
VLAI?
Summary
The
“socket” module provides a pure-Python fallback to the
socket.socketpair() function for platforms that don’t support AF_UNIX,
such as Windows. This pure-Python implementation uses AF_INET or
AF_INET6 to create a local connected pair of sockets. The connection
between the two sockets was not verified before passing the two sockets
back to the user, which leaves the server socket vulnerable to a
connection race from a malicious local peer.
Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.
Severity ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.8.20
(python)
Affected: 3.9.0 , < 3.9.20 (python) Affected: 3.10.0 , < 3.10.15 (python) Affected: 3.11.0 , < 3.11.10 (python) Affected: 3.12.0 , < 3.12.5 (python) Affected: 3.13.0a1 , < 3.13.0rc1 (python) |
Credits
Ellie
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3219",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T18:45:03.016211Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T21:44:46.150Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-05-02T23:02:58.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/pull/122134"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/python/cpython/issues/122133"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/29/3"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250502-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.8.20",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.9.20",
"status": "affected",
"version": "3.9.0",
"versionType": "python"
},
{
"lessThan": "3.10.15",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.10",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.5",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.0rc1",
"status": "affected",
"version": "3.13.0a1",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Ellie"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The\n \u201csocket\u201d module provides a pure-Python fallback to the \nsocket.socketpair() function for platforms that don\u2019t support AF_UNIX, \nsuch as Windows. This pure-Python implementation uses AF_INET or \nAF_INET6 to create a local connected pair of sockets. The connection \nbetween the two sockets was not verified before passing the two sockets \nback to the user, which leaves the server socket vulnerable to a \nconnection race from a malicious local peer.\u003cbr\u003e\u003cbr\u003ePlatforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.\u003cbr\u003e"
}
],
"value": "The\n \u201csocket\u201d module provides a pure-Python fallback to the \nsocket.socketpair() function for platforms that don\u2019t support AF_UNIX, \nsuch as Windows. This pure-Python implementation uses AF_INET or \nAF_INET6 to create a local connected pair of sockets. The connection \nbetween the two sockets was not verified before passing the two sockets \nback to the user, which leaves the server socket vulnerable to a \nconnection race from a malicious local peer.\n\nPlatforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T19:54:41.350Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/122134"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/122133"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/29/3"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/2621a8a40ba4b2c68ca564671b7daa5da80a4508"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/5df322e91a40909e6904bbdbc0c3a6b6a9eead39"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/c21a36112a0028d7ac3cf8f480e0dc88dba5922c"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/f071f01b7b7e19d7d6b3a4b0ec62f820ecb14660"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/31302f5fc24eecd693f0c8aaba7c2840b09b594d"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/3f5d9d12c74787fbf3f5891835c85cc15526c86d"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/c5655aa6ad120d2ed7f255bebd6e8b71a9c07dde"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/e319f774f9e766a2b92949444a2d46081df3363a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/78df1043dbdce5c989600616f9f87b4ee72944e5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Pure-Python fallback of socket.socketpair() doesn\u2019t authenticate peer connection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2024-3219",
"datePublished": "2024-07-29T21:54:05.830Z",
"dateReserved": "2024-04-02T18:03:22.557Z",
"dateUpdated": "2025-05-02T23:02:58.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5642 (GCVE-0-2024-5642)
Vulnerability from cvelistv5 – Published: 2024-06-27 21:05 – Updated: 2025-10-09 18:36
VLAI?
Summary
CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured).
Severity ?
6.5 (Medium)
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.9.24
(python)
Affected: 3.10.0a1 , < 3.10.0b1 (python) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-5642",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T13:47:34.169947Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T20:14:30.590Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:18:06.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://jbp.io/2024/06/27/cve-2024-5535-openssl-memory-safety.html"
},
{
"tags": [
"mitigation",
"x_transferred"
],
"url": "https://github.com/python/cpython/pull/23014"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/39258d3595300bc7b952854c915f63ae2d4b9c3e"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/06/28/4"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/python/cpython/issues/121227"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240726-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.9.24",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.10.0b1",
"status": "affected",
"version": "3.10.0a1",
"versionType": "python"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CPython 3.9 and earlier doesn\u0027t disallow configuring an empty list (\"[]\") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see \u003cspan style=\"background-color: oklab(0.0852327 0.00000386313 0.00000170618 / 0.06);\"\u003eCVE\u003c/span\u003e\u003cspan style=\"background-color: oklab(0.0852327 0.00000386313 0.00000170618 / 0.06);\"\u003e-2024\u003c/span\u003e\u003cspan style=\"background-color: oklab(0.0852327 0.00000386313 0.00000170618 / 0.06);\"\u003e-5535\u003c/span\u003e for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured).\u003cbr\u003e"
}
],
"value": "CPython 3.9 and earlier doesn\u0027t disallow configuring an empty list (\"[]\") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured)."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T18:36:41.965Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://jbp.io/2024/06/27/cve-2024-5535-openssl-memory-safety.html"
},
{
"tags": [
"mitigation"
],
"url": "https://github.com/python/cpython/pull/23014"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/39258d3595300bc7b952854c915f63ae2d4b9c3e"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/06/28/4"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/121227"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240726-0005/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/a2cdbb6e8188ba9ba8b356b28d91bff60e86fe31"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Buffer overread when using an empty list with SSLContext.set_npn_protocols()",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2024-5642",
"datePublished": "2024-06-27T21:05:31.281Z",
"dateReserved": "2024-06-04T18:40:21.539Z",
"dateUpdated": "2025-10-09T18:36:41.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0397 (GCVE-0-2024-0397)
Vulnerability from cvelistv5 – Published: 2024-06-17 15:09 – Updated: 2025-11-03 21:50
VLAI?
Summary
A defect was discovered in the Python “ssl” module where there is a memory
race condition with the ssl.SSLContext methods “cert_store_stats()” and
“get_ca_certs()”. The race condition can be triggered if the methods are
called at the same time as certificates are loaded into the SSLContext,
such as during the TLS handshake with a certificate directory configured.
This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.
Severity ?
7.4 (High)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.8.20
(python)
Affected: 3.9.0 , < 3.9.20 (python) Affected: 3.10.0 , < 3.10.14 (python) Affected: 3.11.0 , < 3.11.9 (python) Affected: 3.12.0 , < 3.12.3 (python) Affected: 3.13.0a1 , < 3.13.0a5 (python) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "cpython",
"vendor": "python_software_foundation",
"versions": [
{
"lessThan": "3.8.20",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.9.20",
"status": "affected",
"version": "3.9.0",
"versionType": "python"
},
{
"lessThan": "3.10.14",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.9",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.3",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.0a5",
"status": "affected",
"version": "3.13.0a1",
"versionType": "python"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-0397",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T15:52:27.499743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T18:24:43.948Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:50:55.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/python/cpython/issues/114572"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/pull/114573"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/01c37f1d0714f5822d34063ca7180b595abf589d"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/29c97287d205bf2f410f4895ebce3f43b5160524"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/37324b421b72b7bc9934e27aba85d48d4773002e"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/542f3272f56f31ed04e74c40635a913fbc12d286"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/b228655c227b2ca298a8ffac44d14ce3d22f6faa"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/bce693111bff906ccf9281c22371331aaff766ab"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/06/17/2"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250411-0006/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.8.20",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.9.20",
"status": "affected",
"version": "3.9.0",
"versionType": "python"
},
{
"lessThan": "3.10.14",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.9",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.3",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.0a5",
"status": "affected",
"version": "3.13.0a1",
"versionType": "python"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A defect was discovered in the Python \u201cssl\u201d module where there is a memory\nrace condition with the ssl.SSLContext methods \u201ccert_store_stats()\u201d and\n\u201cget_ca_certs()\u201d. The race condition can be triggered if the methods are\ncalled at the same time as certificates are loaded into the SSLContext,\nsuch as during the TLS handshake with a certificate directory configured.\nThis issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5."
}
],
"value": "A defect was discovered in the Python \u201cssl\u201d module where there is a memory\nrace condition with the ssl.SSLContext methods \u201ccert_store_stats()\u201d and\n\u201cget_ca_certs()\u201d. The race condition can be triggered if the methods are\ncalled at the same time as certificates are loaded into the SSLContext,\nsuch as during the TLS handshake with a certificate directory configured.\nThis issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5."
}
],
"providerMetadata": {
"dateUpdated": "2024-09-07T02:44:08.540Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/114572"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/114573"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/01c37f1d0714f5822d34063ca7180b595abf589d"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/29c97287d205bf2f410f4895ebce3f43b5160524"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/37324b421b72b7bc9934e27aba85d48d4773002e"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/542f3272f56f31ed04e74c40635a913fbc12d286"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/b228655c227b2ca298a8ffac44d14ce3d22f6faa"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/bce693111bff906ccf9281c22371331aaff766ab"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/06/17/2"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Memory race condition in ssl.SSLContext certificate store methods",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2024-0397",
"datePublished": "2024-06-17T15:09:40.896Z",
"dateReserved": "2024-01-10T14:05:31.635Z",
"dateUpdated": "2025-11-03T21:50:55.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-4032 (GCVE-0-2024-4032)
Vulnerability from cvelistv5 – Published: 2024-06-17 15:05 – Updated: 2025-11-03 21:57
VLAI?
Summary
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.
CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.
Severity ?
7.5 (High)
CWE
- CWE-697 - Incorrect Comparison
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.8.20
(python)
Affected: 3.9.0 , < 3.9.20 (python) Affected: 3.10.0 , < 3.10.15 (python) Affected: 3.11.0 , < 3.11.10 (python) Affected: 3.12.0 , < 3.12.4 (python) Affected: 3.13.0a1 , < 3.13.0a6 (python) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:57:16.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/python/cpython/issues/113171"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/pull/113179"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/NRUHDUS2IV2USIZM2CVMSFL6SCKU3RZA/"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/22adf29da8d99933ffed8647d3e0726edd16f7f8"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/40d75c2b7f5c67e254d0a025e0f2e2c7ada7f69f"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/895f7e2ac23eff4743143beef0f0c5ac71ea27d3"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/ba431579efdcbaed7a96f2ac4ea0775879a332fb"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/c62c9e518b784fe44432a3f4fc265fb95b651906"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/f86b17ac511e68192ba71f27e752321a3252cee3"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/06/17/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240726-0004/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cpython",
"vendor": "python",
"versions": [
{
"lessThan": "3.12.4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "3.13.0a6",
"status": "affected",
"version": "3.13.0a1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-4032",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T18:21:11.207929Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-697",
"description": "CWE-697 Incorrect Comparison",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T15:55:55.506Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.8.20",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.9.20",
"status": "affected",
"version": "3.9.0",
"versionType": "python"
},
{
"lessThan": "3.10.15",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.10",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.4",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.0a6",
"status": "affected",
"version": "3.13.0a1",
"versionType": "python"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe \u201cipaddress\u201d module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn\u2019t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eCPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "The \u201cipaddress\u201d module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn\u2019t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.\n\nCPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior."
}
],
"providerMetadata": {
"dateUpdated": "2024-09-07T02:44:42.321Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/113171"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/113179"
},
{
"url": "https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml"
},
{
"url": "https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/NRUHDUS2IV2USIZM2CVMSFL6SCKU3RZA/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/22adf29da8d99933ffed8647d3e0726edd16f7f8"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/40d75c2b7f5c67e254d0a025e0f2e2c7ada7f69f"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/895f7e2ac23eff4743143beef0f0c5ac71ea27d3"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/ba431579efdcbaed7a96f2ac4ea0775879a332fb"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/c62c9e518b784fe44432a3f4fc265fb95b651906"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/f86b17ac511e68192ba71f27e752321a3252cee3"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/06/17/3"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240726-0004/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incorrect IPv4 and IPv6 private ranges",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2024-4032",
"datePublished": "2024-06-17T15:05:58.827Z",
"dateReserved": "2024-04-22T17:15:47.895Z",
"dateUpdated": "2025-11-03T21:57:16.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-4030 (GCVE-0-2024-4030)
Vulnerability from cvelistv5 – Published: 2024-05-07 21:02 – Updated: 2024-09-07 02:44
VLAI?
Summary
On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.
If you’re not using Windows or haven’t changed the temporary directory location then you aren’t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.
This issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix “700” for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.
Severity ?
7.1 (High)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.8.20
(python)
Affected: 3.9.0 , < 3.9.20 (python) Affected: 3.10.0 , < 3.10.15 (python) Affected: 3.11.0 , < 3.11.10 (python) Affected: 3.12.0 , < 3.12.4 (python) Affected: 3.13.0a1 , < 3.13.0b1 (python) |
Credits
Aobo Wang
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cpython",
"vendor": "python",
"versions": [
{
"status": "affected",
"version": "0"
},
{
"status": "affected",
"version": "3.13.0a1"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-4030",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T15:32:37.215710Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:55:02.857Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636/"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/python/cpython/issues/118486"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/81939dad77001556c527485d31a2d0f4a759033e"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/66f8bb76a15e64a1bb7688b177ed29e26230fdee"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/6d0850c4c8188035643586ab4d8ec2468abd699e"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/94591dca510c796c7d40e9b4167ea56f2fdf28ca"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/c8f868dc52f98011d0f9b459b6487920bfb0ac4d"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/d86b49411753bf2c83291e3a14ae43fefded2f84"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/e1dfa978b1ad210d551385ad8073ec6154f53763"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/eb29e2f5905da93333d1ce78bc98b151e763ff46"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240705-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.8.20",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.9.20",
"status": "affected",
"version": "3.9.0",
"versionType": "python"
},
{
"lessThan": "3.10.15",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.10",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.4",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.0b1",
"status": "affected",
"version": "3.13.0a1",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aobo Wang"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eOn Windows a directory returned by \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003etempfile.mkdtemp()\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eIf you\u2019re not using Windows or haven\u2019t changed the temporary directory location then you aren\u2019t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.\u003c/span\u003e\u003c/p\u003e\u003cspan style=\"background-color: transparent;\"\u003eThis issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix \u201c700\u201d for the \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003emkdir\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e function on Windows which is used by \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003emkdtemp()\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e to ensure the newly created directory has the proper permissions.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.\n\nIf you\u2019re not using Windows or haven\u2019t changed the temporary directory location then you aren\u2019t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.\n\nThis issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix \u201c700\u201d for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-07T02:44:36.613Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636/"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/118486"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/81939dad77001556c527485d31a2d0f4a759033e"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/66f8bb76a15e64a1bb7688b177ed29e26230fdee"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/6d0850c4c8188035643586ab4d8ec2468abd699e"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/94591dca510c796c7d40e9b4167ea56f2fdf28ca"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/c8f868dc52f98011d0f9b459b6487920bfb0ac4d"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/d86b49411753bf2c83291e3a14ae43fefded2f84"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/e1dfa978b1ad210d551385ad8073ec6154f53763"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/eb29e2f5905da93333d1ce78bc98b151e763ff46"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240705-0005/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "tempfile.mkdtemp() may be readable and writeable by all users on Windows",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2024-4030",
"datePublished": "2024-05-07T21:02:55.284Z",
"dateReserved": "2024-04-22T14:49:13.316Z",
"dateUpdated": "2024-09-07T02:44:36.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6597 (GCVE-0-2023-6597)
Vulnerability from cvelistv5 – Published: 2024-03-19 15:44 – Updated: 2025-11-03 21:50
VLAI?
Summary
An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.
The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
Severity ?
7.8 (High)
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.8.19
(python)
Affected: 3.9.0 , < 3.9.19 (python) Affected: 3.10.0 , < 3.10.14 (python) Affected: 3.11.0 , < 3.11.8 (python) Affected: 3.12.0 , < 3.12.1 (python) Affected: 3.13.0a1 , < 3.13.0a3 (python) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cpython",
"vendor": "python_software_foundation",
"versions": [
{
"lessThan": "3.8.19",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "3.9.19",
"status": "affected",
"version": "3.9.0",
"versionType": "custom"
},
{
"lessThan": "3.10.14",
"status": "affected",
"version": "3.10.0",
"versionType": "custom"
},
{
"lessThan": "3.11.8",
"status": "affected",
"version": "3.11.0",
"versionType": "custom"
},
{
"lessThan": "3.12.1",
"status": "affected",
"version": "3.12.0",
"versionType": "custom"
},
{
"lessThan": "3.13.0a3",
"status": "affected",
"version": "3.13.0a1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6597",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-05T19:08:44.665083Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T19:16:27.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:50:47.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/python/cpython/issues/91133"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/20/5"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.8.19",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.9.19",
"status": "affected",
"version": "3.9.0",
"versionType": "python"
},
{
"lessThan": "3.10.14",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.8",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.1",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.0a3",
"status": "affected",
"version": "3.13.0a1",
"versionType": "python"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\u003cbr\u003e\u003cbr\u003eThe tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.\u003cbr\u003e"
}
],
"value": "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\n\nThe tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T19:24:11.289Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/91133"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/20/5"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2023-6597",
"datePublished": "2024-03-19T15:44:28.989Z",
"dateReserved": "2023-12-07T20:59:23.246Z",
"dateUpdated": "2025-11-03T21:50:47.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}