Vulnerabilites related to Python Software Foundation - CPython
cve-2024-5642
Vulnerability from cvelistv5
Published
2024-06-27 21:05
Modified
2025-02-13 17:54
Severity ?
EPSS score ?
Summary
CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Version: 0 |
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-5642", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-28T13:47:34.169947Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-06T20:14:30.590Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:18:06.642Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "third-party-advisory", "x_transferred", ], url: "https://jbp.io/2024/06/27/cve-2024-5535-openssl-memory-safety.html", }, { tags: [ "mitigation", "x_transferred", ], url: "https://github.com/python/cpython/pull/23014", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/39258d3595300bc7b952854c915f63ae2d4b9c3e", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/06/28/4", }, { tags: [ "issue-tracking", "x_transferred", ], url: "https://github.com/python/cpython/issues/121227", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240726-0005/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "CPython", repo: "https://github.com/python/cpython", vendor: "Python Software Foundation", versions: [ { lessThan: "3.10.0b1", status: "affected", version: "0", versionType: "python", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "CPython 3.9 and earlier doesn't disallow configuring an empty list (\"[]\") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see <span style=\"background-color: oklab(0.0852327 0.00000386313 0.00000170618 / 0.06);\">CVE</span><span style=\"background-color: oklab(0.0852327 0.00000386313 0.00000170618 / 0.06);\">-2024</span><span style=\"background-color: oklab(0.0852327 0.00000386313 0.00000170618 / 0.06);\">-5535</span> for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured).<br>", }, ], value: "CPython 3.9 and earlier doesn't disallow configuring an empty list (\"[]\") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured).", }, ], providerMetadata: { dateUpdated: "2024-07-28T14:06:06.558Z", orgId: "28c92f92-d60d-412d-b760-e73465c3df22", shortName: "PSF", }, references: [ { tags: [ "third-party-advisory", ], url: "https://jbp.io/2024/06/27/cve-2024-5535-openssl-memory-safety.html", }, { tags: [ "mitigation", ], url: "https://github.com/python/cpython/pull/23014", }, { tags: [ "vendor-advisory", ], url: "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/39258d3595300bc7b952854c915f63ae2d4b9c3e", }, { url: "http://www.openwall.com/lists/oss-security/2024/06/28/4", }, { tags: [ "issue-tracking", ], url: "https://github.com/python/cpython/issues/121227", }, { url: "https://security.netapp.com/advisory/ntap-20240726-0005/", }, ], source: { discovery: "UNKNOWN", }, title: "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "28c92f92-d60d-412d-b760-e73465c3df22", assignerShortName: "PSF", cveId: "CVE-2024-5642", datePublished: "2024-06-27T21:05:31.281Z", dateReserved: "2024-06-04T18:40:21.539Z", dateUpdated: "2025-02-13T17:54:23.641Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-6923
Vulnerability from cvelistv5
Published
2024-08-01 13:40
Modified
2025-01-31 19:55
Severity ?
EPSS score ?
Summary
There is a MEDIUM severity vulnerability affecting CPython.
The
email module didn’t properly quote newlines for email headers when
serializing an email message allowing for header injection when an email
is serialized.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Version: 0 Version: 3.9.0 Version: 3.10.0 Version: 3.11.0 Version: 3.12.0 Version: 3.13.0a1 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cpython", vendor: "python", versions: [ { lessThanOrEqual: "3.13.0rc2", status: "affected", version: "0", versionType: "python", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-6923", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-01T18:15:02.857863Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-01T18:18:12.965Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2025-01-11T15:02:31.356Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "http://www.openwall.com/lists/oss-security/2024/08/01/3", }, { url: "http://www.openwall.com/lists/oss-security/2024/08/02/2", }, { url: "https://security.netapp.com/advisory/ntap-20240926-0003/", }, { url: "https://lists.debian.org/debian-lts-announce/2025/01/msg00005.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", modules: [ "email", ], product: "CPython", vendor: "Python Software Foundation", versions: [ { lessThan: "3.8.20", status: "affected", version: "0", versionType: "python", }, { lessThan: "3.9.20", status: "affected", version: "3.9.0", versionType: "python", }, { lessThan: "3.10.15", status: "affected", version: "3.10.0", versionType: "python", }, { lessThan: "3.11.10", status: "affected", version: "3.11.0", versionType: "python", }, { lessThan: "3.12.5", status: "affected", version: "3.12.0", versionType: "python", }, { lessThan: "3.13.0rc2", status: "affected", version: "3.13.0a1", versionType: "python", }, ], }, ], credits: [ { lang: "en", type: "remediation developer", value: "Petr Viktorin", }, { lang: "en", type: "coordinator", value: "Seth Larson", }, { lang: "en", type: "reporter", value: "John Whitlock", }, { lang: "en", type: "remediation developer", value: "Bas Bloemsaat", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "There is a MEDIUM severity vulnerability affecting CPython.<br><br>The \nemail module didn’t properly quote newlines for email headers when \nserializing an email message allowing for header injection when an email\n is serialized.", }, ], value: "There is a MEDIUM severity vulnerability affecting CPython.\n\nThe \nemail module didn’t properly quote newlines for email headers when \nserializing an email message allowing for header injection when an email\n is serialized.", }, ], providerMetadata: { dateUpdated: "2025-01-31T19:55:06.174Z", orgId: "28c92f92-d60d-412d-b760-e73465c3df22", shortName: "PSF", }, references: [ { tags: [ "patch", ], url: "https://github.com/python/cpython/pull/122233", }, { tags: [ "issue-tracking", ], url: "https://github.com/python/cpython/issues/121650", }, { tags: [ "vendor-advisory", ], url: "https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/4766d1200fdf8b6728137aa2927a297e224d5fa7", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/4aaa4259b5a6e664b7316a4d60bdec7ee0f124d0", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/06f28dc236708f72871c64d4bc4b4ea144c50147", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/b158a76ce094897c870fb6b3de62887b7ccc33f1", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/f7be505d137a22528cb0fc004422c0081d5d90e6", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/f7c0f09e69e950cf3c5ada9dbde93898eb975533", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/097633981879b3c9de9a1dd120d3aa585ecc2384", }, ], source: { discovery: "UNKNOWN", }, title: "Email header injection due to unquoted newlines", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "28c92f92-d60d-412d-b760-e73465c3df22", assignerShortName: "PSF", cveId: "CVE-2024-6923", datePublished: "2024-08-01T13:40:11.069Z", dateReserved: "2024-07-19T15:32:46.458Z", dateUpdated: "2025-01-31T19:55:06.174Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-6507
Vulnerability from cvelistv5
Published
2023-12-08 18:20
Modified
2024-08-02 08:35
Severity ?
EPSS score ?
Summary
An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases.
When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list.
This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Version: 3.12.0 Version: 3.13.0a1 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:python:cpython:3.13.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cpython", vendor: "python", versions: [ { status: "affected", version: "3.13.0", }, ], }, { cpes: [ "cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cpython", vendor: "python", versions: [ { status: "affected", version: "3.12.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-6507", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-01-31T20:16:20.207522Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:17:02.629Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T08:35:13.267Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "issue-tracking", "x_transferred", ], url: "https://github.com/python/cpython/issues/112334", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://mail.python.org/archives/list/security-announce@python.org/thread/AUL7QFHBLILGISS7U63B47AYSSGJJQZD/", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/9fe7655c6ce0b8e9adc229daf681b6d30e6b1610", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/10e9bb13b8dcaa414645b9bd10718d8f7179e82b", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/85bbfa8a4bbdbb61a3a84fbd7cb29a4096ab8a06", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "POSIX", ], product: "CPython", repo: "https://github.com/python/cpython", vendor: "Python Software Foundation", versions: [ { lessThan: "3.12.1", status: "affected", version: "3.12.0", versionType: "python", }, { lessThan: "3.13.0a3", status: "affected", version: "3.13.0a1", versionType: "python", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p><span style=\"background-color: transparent;\">An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases.</span></p><p><span style=\"background-color: transparent;\">When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list.</span></p><p><span style=\"background-color: transparent;\">This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`).</span></p>", }, ], value: "An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases.\n\nWhen using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list.\n\nThis issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`).\n\n", }, ], impacts: [ { capecId: "CAPEC-122", descriptions: [ { lang: "en", value: "CAPEC-122 Privilege Abuse", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-07T21:36:25.215Z", orgId: "28c92f92-d60d-412d-b760-e73465c3df22", shortName: "PSF", }, references: [ { tags: [ "issue-tracking", ], url: "https://github.com/python/cpython/issues/112334", }, { tags: [ "vendor-advisory", ], url: "https://mail.python.org/archives/list/security-announce@python.org/thread/AUL7QFHBLILGISS7U63B47AYSSGJJQZD/", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/9fe7655c6ce0b8e9adc229daf681b6d30e6b1610", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/10e9bb13b8dcaa414645b9bd10718d8f7179e82b", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/85bbfa8a4bbdbb61a3a84fbd7cb29a4096ab8a06", }, ], source: { discovery: "UNKNOWN", }, title: "Groups not dropped before running subprocess when using empty 'extra_groups' parameter", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "28c92f92-d60d-412d-b760-e73465c3df22", assignerShortName: "PSF", cveId: "CVE-2023-6507", datePublished: "2023-12-08T18:20:49.583Z", dateReserved: "2023-12-04T21:24:50.284Z", dateUpdated: "2024-08-02T08:35:13.267Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-6597
Vulnerability from cvelistv5
Published
2024-03-19 15:44
Modified
2024-11-05 19:16
Severity ?
EPSS score ?
Summary
An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.
The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Version: 0 Version: 3.9.0 Version: 3.10.0 Version: 3.11.0 Version: 3.12.0 Version: 3.13.0a1 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cpython", vendor: "python_software_foundation", versions: [ { lessThan: "3.8.19", status: "affected", version: "0", versionType: "custom", }, { lessThan: "3.9.19", status: "affected", version: "3.9.0", versionType: "custom", }, { lessThan: "3.10.14", status: "affected", version: "3.10.0", versionType: "custom", }, { lessThan: "3.11.8", status: "affected", version: "3.11.0", versionType: "custom", }, { lessThan: "3.12.1", status: "affected", version: "3.12.0", versionType: "custom", }, { lessThan: "3.13.0a3", status: "affected", version: "3.13.0a1", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-6597", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-05T19:08:44.665083Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-05T19:16:27.862Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T08:35:14.863Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a", }, { tags: [ "issue-tracking", "x_transferred", ], url: "https://github.com/python/cpython/issues/91133", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/03/20/5", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "CPython", repo: "https://github.com/python/cpython", vendor: "Python Software Foundation", versions: [ { lessThan: "3.8.19", status: "affected", version: "0", versionType: "python", }, { lessThan: "3.9.19", status: "affected", version: "3.9.0", versionType: "python", }, { lessThan: "3.10.14", status: "affected", version: "3.10.0", versionType: "python", }, { lessThan: "3.11.8", status: "affected", version: "3.11.0", versionType: "python", }, { lessThan: "3.12.1", status: "affected", version: "3.12.0", versionType: "python", }, { lessThan: "3.13.0a3", status: "affected", version: "3.13.0a1", versionType: "python", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.<br><br>The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.<br>", }, ], value: "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\n\nThe tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-13T19:24:11.289Z", orgId: "28c92f92-d60d-412d-b760-e73465c3df22", shortName: "PSF", }, references: [ { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a", }, { tags: [ "issue-tracking", ], url: "https://github.com/python/cpython/issues/91133", }, { tags: [ "vendor-advisory", ], url: "https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/", }, { url: "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html", }, { url: "http://www.openwall.com/lists/oss-security/2024/03/20/5", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "28c92f92-d60d-412d-b760-e73465c3df22", assignerShortName: "PSF", cveId: "CVE-2023-6597", datePublished: "2024-03-19T15:44:28.989Z", dateReserved: "2023-12-07T20:59:23.246Z", dateUpdated: "2024-11-05T19:16:27.862Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-6232
Vulnerability from cvelistv5
Published
2024-09-03 12:29
Modified
2025-03-20 18:02
Severity ?
EPSS score ?
Summary
There is a MEDIUM severity vulnerability affecting CPython.
Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Version: 0 Version: 3.9.0 Version: 3.10.0 Version: 3.11.0 Version: 3.12.0 Version: 3.13.0a1 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cpython", vendor: "python", versions: [ { lessThan: "3.8.20", status: "affected", version: "0", versionType: "custom", }, { lessThan: "3.9.20", status: "affected", version: "3.9.0", versionType: "custom", }, { lessThan: "3.10.15", status: "affected", version: "3.10.0", versionType: "custom", }, { lessThan: "3.11.10", status: "affected", version: "3.11.0", versionType: "custom", }, { lessThan: "3.12.6", status: "affected", version: "3.12.0", versionType: "custom", }, { lessThan: "3.13.0rc2", status: "affected", version: "3.13.0a1", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-6232", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-04T15:24:31.176254Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-20T18:02:26.275Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-10-18T13:07:45.640Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "http://www.openwall.com/lists/oss-security/2024/09/03/5", }, { url: "https://security.netapp.com/advisory/ntap-20241018-0007/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "CPython", repo: "https://github.com/python/cpython", vendor: "Python Software Foundation", versions: [ { lessThan: "3.8.20", status: "affected", version: "0", versionType: "python", }, { lessThan: "3.9.20", status: "affected", version: "3.9.0", versionType: "python", }, { lessThan: "3.10.15", status: "affected", version: "3.10.0", versionType: "python", }, { lessThan: "3.11.10", status: "affected", version: "3.11.0", versionType: "python", }, { lessThan: "3.12.6", status: "affected", version: "3.12.0", versionType: "python", }, { lessThan: "3.13.0rc2", status: "affected", version: "3.13.0a1", versionType: "python", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "Elias Joakim Myllymäki", }, { lang: "en", type: "coordinator", value: "Seth Larson", }, { lang: "en", type: "remediation developer", value: "Seth Larson", }, { lang: "en", type: "remediation reviewer", value: "Gregory P. Smith", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<div>There is a MEDIUM severity vulnerability affecting CPython.<br></div><div><br></div><div>Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. </div>", }, ], value: "There is a MEDIUM severity vulnerability affecting CPython.\n\n\n\n\n\nRegular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1333", description: "CWE-1333 Inefficient Regular Expression Complexity", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-31T19:54:59.572Z", orgId: "28c92f92-d60d-412d-b760-e73465c3df22", shortName: "PSF", }, references: [ { tags: [ "patch", ], url: "https://github.com/python/cpython/pull/121286", }, { tags: [ "issue-tracking", ], url: "https://github.com/python/cpython/issues/121285", }, { tags: [ "vendor-advisory", ], url: "https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/34ddb64d088dd7ccc321f6103d23153256caa5d4", }, ], source: { discovery: "UNKNOWN", }, title: "Regular-expression DoS when parsing TarFile headers", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "28c92f92-d60d-412d-b760-e73465c3df22", assignerShortName: "PSF", cveId: "CVE-2024-6232", datePublished: "2024-09-03T12:29:00.102Z", dateReserved: "2024-06-20T21:01:55.524Z", dateUpdated: "2025-03-20T18:02:26.275Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-11168
Vulnerability from cvelistv5
Published
2024-11-12 21:22
Modified
2025-01-06 17:59
Severity ?
EPSS score ?
Summary
The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Version: 0 Version: 3.10.0 Version: 3.11.0 Version: 3.12.0a1 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cpython", vendor: "python_software_foundation", versions: [ { lessThan: "3.11.4", status: "affected", version: "0", versionType: "custom", }, { lessThan: "3.12.0b1", status: "affected", version: "3.12.0a1", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-11168", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T15:09:42.748084Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-918", description: "CWE-918 Server-Side Request Forgery (SSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-06T17:59:48.232Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "CPython", repo: "https://github.com/python/cpython", vendor: "Python Software Foundation", versions: [ { lessThan: "3.9.21", status: "affected", version: "0", versionType: "python", }, { lessThan: "3.10.16", status: "affected", version: "3.10.0", versionType: "python", }, { lessThan: "3.11.4", status: "affected", version: "3.11.0", versionType: "python", }, { lessThan: "3.12.0b1", status: "affected", version: "3.12.0a1", versionType: "python", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "zer0yu (IPASSLab && ZGC Lab)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.<br>", }, ], value: "The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.", }, ], metrics: [ { cvssV4_0: { Automatable: "NO", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "HIGH", attackRequirements: "PRESENT", attackVector: "NETWORK", baseScore: 6.3, baseSeverity: "MEDIUM", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "LOW", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/AU:N", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-03T20:29:59.700Z", orgId: "28c92f92-d60d-412d-b760-e73465c3df22", shortName: "PSF", }, references: [ { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/pull/103849", }, { tags: [ "issue-tracking", ], url: "https://github.com/python/cpython/issues/103848", }, { tags: [ "vendor-advisory", ], url: "https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/634ded45545ce8cbd6fd5d49785613dd7fa9b89e", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/ddca2953191c67a12b1f19d6bca41016c6ae7132", }, ], source: { discovery: "UNKNOWN", }, title: "Improper validation of IPv6 and IPvFuture addresses", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "28c92f92-d60d-412d-b760-e73465c3df22", assignerShortName: "PSF", cveId: "CVE-2024-11168", datePublished: "2024-11-12T21:22:23.438Z", dateReserved: "2024-11-12T21:13:15.779Z", dateUpdated: "2025-01-06T17:59:48.232Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-9287
Vulnerability from cvelistv5
Published
2024-10-22 16:34
Modified
2025-01-31 19:55
Severity ?
EPSS score ?
Summary
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Version: 0 Version: 3.10.0 Version: 3.11.0 Version: 3.12.0 Version: 3.13.0 Version: 3.14.0a1 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cpython", vendor: "python", versions: [ { lessThanOrEqual: "3.13.0", status: "affected", version: "0", versionType: "python", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-9287", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-22T17:11:46.736068Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-22T17:13:32.968Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", modules: [ "venv", ], product: "CPython", repo: "https://github.com/python/cpython", vendor: "Python Software Foundation", versions: [ { lessThan: "3.9.21", status: "affected", version: "0", versionType: "python", }, { lessThan: "3.10.16", status: "affected", version: "3.10.0", versionType: "python", }, { lessThan: "3.11.11", status: "affected", version: "3.11.0", versionType: "python", }, { lessThan: "3.12.8", status: "affected", version: "3.12.0", versionType: "python", }, { lessThan: "3.13.1", status: "affected", version: "3.13.0", versionType: "python", }, { lessThan: "3.14.0a2", status: "affected", version: "3.14.0a1", versionType: "python", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts (ie \"source venv/bin/activate\"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie \"./venv/bin/python\") are not affected.<br>", }, ], value: "A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts (ie \"source venv/bin/activate\"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie \"./venv/bin/python\") are not affected.", }, ], metrics: [ { cvssV4_0: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "PRESENT", attackVector: "LOCAL", baseScore: 5.3, baseSeverity: "MEDIUM", privilegesRequired: "HIGH", providerUrgency: "GREEN", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "ACTIVE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Green", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "HIGH", vulnIntegrityImpact: "HIGH", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-428", description: "CWE-428 Unquoted Search Path or Element", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-31T19:55:27.648Z", orgId: "28c92f92-d60d-412d-b760-e73465c3df22", shortName: "PSF", }, references: [ { tags: [ "issue-tracking", ], url: "https://github.com/python/cpython/issues/124651", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/pull/124712", }, { tags: [ "vendor-advisory", ], url: "https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/633555735a023d3e4d92ba31da35b1205f9ecbd7", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/8450b2482586857d689b6658f08de9c8179af7db", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/9286ab3a107ea41bd3f3c3682ce2512692bdded8", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/d48cc82ed25e26b02eb97c6263d95dcaa1e9111b", }, ], source: { discovery: "UNKNOWN", }, title: "Virtual environment (venv) activation scripts don't quote paths", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "28c92f92-d60d-412d-b760-e73465c3df22", assignerShortName: "PSF", cveId: "CVE-2024-9287", datePublished: "2024-10-22T16:34:39.210Z", dateReserved: "2024-09-27T14:48:44.181Z", dateUpdated: "2025-01-31T19:55:27.648Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-1795
Vulnerability from cvelistv5
Published
2025-02-28 18:59
Modified
2025-02-28 20:32
Severity ?
EPSS score ?
Summary
During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted by some mail servers.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Version: 0 Version: 3.12.0 Version: 3.13.0a1 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-1795", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:30:47.670593Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-116", description: "CWE-116 Improper Encoding or Escaping of Output", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:32:56.849Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", modules: [ "email", ], product: "CPython", repo: "https://github.com/python/cpython", vendor: "Python Software Foundation", versions: [ { lessThan: "3.11.9", status: "affected", version: "0", versionType: "python", }, { lessThan: "3.12.3", status: "affected", version: "3.12.0", versionType: "python", }, { lessThan: "3.13.0a5", status: "affected", version: "3.13.0a1", versionType: "python", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted by some mail servers.", }, ], value: "During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted by some mail servers.", }, ], metrics: [ { cvssV4_0: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "HIGH", attackRequirements: "PRESENT", attackVector: "NETWORK", baseScore: 2.3, baseSeverity: "LOW", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "NONE", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T19:16:32.270Z", orgId: "28c92f92-d60d-412d-b760-e73465c3df22", shortName: "PSF", }, references: [ { tags: [ "issue-tracking", ], url: "https://github.com/python/cpython/issues/100884", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/pull/100885", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/pull/119099", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74", }, { tags: [ "vendor-advisory", ], url: "https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/", }, ], source: { discovery: "UNKNOWN", }, title: "Mishandling of comma during folding and unicode-encoding of email headers", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "28c92f92-d60d-412d-b760-e73465c3df22", assignerShortName: "PSF", cveId: "CVE-2025-1795", datePublished: "2025-02-28T18:59:31.784Z", dateReserved: "2025-02-28T18:49:37.957Z", dateUpdated: "2025-02-28T20:32:56.849Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-8088
Vulnerability from cvelistv5
Published
2024-08-22 18:45
Modified
2024-10-11 22:03
Severity ?
EPSS score ?
Summary
There is a HIGH severity vulnerability affecting the CPython "zipfile"
module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected.
When iterating over names of entries in a zip archive (for example, methods
of "zipfile.Path" like "namelist()", "iterdir()", etc)
the process can be put into an infinite loop with a maliciously crafted
zip archive. This defect applies when reading only metadata or extracting
the contents of the zip archive. Programs that are not handling
user-controlled zip archives are not affected.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Version: 0 Version: 3.9.0 Version: 3.10.0 Version: 3.11.0 Version: 3.12.0 Version: 3.13.0a1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-10-11T22:03:20.370Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "http://www.openwall.com/lists/oss-security/2024/08/22/1", }, { url: "http://www.openwall.com/lists/oss-security/2024/08/22/4", }, { url: "http://www.openwall.com/lists/oss-security/2024/08/23/1", }, { url: "http://www.openwall.com/lists/oss-security/2024/08/23/2", }, { url: "https://security.netapp.com/advisory/ntap-20241011-0010/", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cpython", vendor: "python_software_foundation", versions: [ { lessThanOrEqual: "3.13.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-8088", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-23T17:18:49.209334Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-23T17:32:19.819Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "CPython", repo: "https://github.com/python/cpython", vendor: "Python Software Foundation", versions: [ { lessThan: "3.8.20", status: "affected", version: "0", versionType: "python", }, { lessThan: "3.9.20", status: "affected", version: "3.9.0", versionType: "python", }, { lessThan: "3.10.15", status: "affected", version: "3.10.0", versionType: "python", }, { lessThan: "3.11.10", status: "affected", version: "3.11.0", versionType: "python", }, { lessThan: "3.12.6", status: "affected", version: "3.12.0", versionType: "python", }, { lessThan: "3.13.0rc2", status: "affected", version: "3.13.0a1", versionType: "python", }, ], }, ], credits: [ { lang: "en", type: "remediation developer", value: "Jason R. Coombs", }, { lang: "en", type: "coordinator", value: "Seth Larson", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<div>There is a HIGH severity vulnerability affecting the CPython \"zipfile\"\nmodule affecting \"zipfile.Path\". Note that the more common API \"zipfile.ZipFile\" class is unaffected.<br></div><div><br></div><div>When iterating over names of entries in a zip archive (for example, methods\nof \"zipfile.Path\" like \"namelist()\", \"iterdir()\", etc)\nthe process can be put into an infinite loop with a maliciously crafted\nzip archive. This defect applies when reading only metadata or extracting\nthe contents of the zip archive. Programs that are not handling\nuser-controlled zip archives are not affected.</div>", }, ], value: "There is a HIGH severity vulnerability affecting the CPython \"zipfile\"\nmodule affecting \"zipfile.Path\". Note that the more common API \"zipfile.ZipFile\" class is unaffected.\n\n\n\n\n\nWhen iterating over names of entries in a zip archive (for example, methods\nof \"zipfile.Path\" like \"namelist()\", \"iterdir()\", etc)\nthe process can be put into an infinite loop with a maliciously crafted\nzip archive. This defect applies when reading only metadata or extracting\nthe contents of the zip archive. Programs that are not handling\nuser-controlled zip archives are not affected.", }, ], metrics: [ { cvssV4_0: { Automatable: "NO", Recovery: "USER", Safety: "NEGLIGIBLE", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", baseScore: 8.7, baseSeverity: "HIGH", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "NONE", vulnerabilityResponseEffort: "LOW", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-835", description: "CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-07T02:45:14.991Z", orgId: "28c92f92-d60d-412d-b760-e73465c3df22", shortName: "PSF", }, references: [ { tags: [ "vendor-advisory", ], url: "https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/pull/122906", }, { tags: [ "issue-tracking", ], url: "https://github.com/python/cpython/issues/122905", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/e0264a61119d551658d9445af38323ba94fc16db", }, { tags: [ "issue-tracking", ], url: "https://github.com/python/cpython/issues/123270", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/2231286d78d328c2f575e0b05b16fe447d1656d6", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/7e8883a3f04d308302361aeffc73e0e9837f19d4", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/95b073bddefa6243effa08e131e297c0383e7f6a", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/7bc367e464ce50b956dd232c1dfa1cad4e7fb814", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/962055268ed4f2ca1d717bfc8b6385de50a23ab7", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/fc0b8259e693caa8400fa8b6ac1e494e47ea7798", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/0aa1ee22ab6e204e9d3d0e9dd63ea648ed691ef1", }, ], source: { discovery: "UNKNOWN", }, title: "Infinite loop when iterating over zip archive entry names from zipfile.Path", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "28c92f92-d60d-412d-b760-e73465c3df22", assignerShortName: "PSF", cveId: "CVE-2024-8088", datePublished: "2024-08-22T18:45:31.807Z", dateReserved: "2024-08-22T12:42:32.661Z", dateUpdated: "2024-10-11T22:03:20.370Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-0397
Vulnerability from cvelistv5
Published
2024-06-17 15:09
Modified
2024-09-17 18:24
Severity ?
EPSS score ?
Summary
A defect was discovered in the Python “ssl” module where there is a memory
race condition with the ssl.SSLContext methods “cert_store_stats()” and
“get_ca_certs()”. The race condition can be triggered if the methods are
called at the same time as certificates are loaded into the SSLContext,
such as during the TLS handshake with a certificate directory configured.
This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Version: 0 Version: 3.9.0 Version: 3.10.0 Version: 3.11.0 Version: 3.12.0 Version: 3.13.0a1 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "cpython", vendor: "python_software_foundation", versions: [ { lessThan: "3.8.20", status: "affected", version: "0", versionType: "python", }, { lessThan: "3.9.20", status: "affected", version: "3.9.0", versionType: "python", }, { lessThan: "3.10.14", status: "affected", version: "3.10.0", versionType: "python", }, { lessThan: "3.11.9", status: "affected", version: "3.11.0", versionType: "python", }, { lessThan: "3.12.3", status: "affected", version: "3.12.0", versionType: "python", }, { lessThan: "3.13.0a5", status: "affected", version: "3.13.0a1", versionType: "python", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-0397", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-20T15:52:27.499743Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-362", description: "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-17T18:24:43.948Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T18:04:49.771Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "issue-tracking", "x_transferred", ], url: "https://github.com/python/cpython/issues/114572", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/pull/114573", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/01c37f1d0714f5822d34063ca7180b595abf589d", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/29c97287d205bf2f410f4895ebce3f43b5160524", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/37324b421b72b7bc9934e27aba85d48d4773002e", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/542f3272f56f31ed04e74c40635a913fbc12d286", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/b228655c227b2ca298a8ffac44d14ce3d22f6faa", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/bce693111bff906ccf9281c22371331aaff766ab", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/06/17/2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "CPython", repo: "https://github.com/python/cpython", vendor: "Python Software Foundation", versions: [ { lessThan: "3.8.20", status: "affected", version: "0", versionType: "python", }, { lessThan: "3.9.20", status: "affected", version: "3.9.0", versionType: "python", }, { lessThan: "3.10.14", status: "affected", version: "3.10.0", versionType: "python", }, { lessThan: "3.11.9", status: "affected", version: "3.11.0", versionType: "python", }, { lessThan: "3.12.3", status: "affected", version: "3.12.0", versionType: "python", }, { lessThan: "3.13.0a5", status: "affected", version: "3.13.0a1", versionType: "python", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A defect was discovered in the Python “ssl” module where there is a memory\nrace condition with the ssl.SSLContext methods “cert_store_stats()” and\n“get_ca_certs()”. The race condition can be triggered if the methods are\ncalled at the same time as certificates are loaded into the SSLContext,\nsuch as during the TLS handshake with a certificate directory configured.\nThis issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.", }, ], value: "A defect was discovered in the Python “ssl” module where there is a memory\nrace condition with the ssl.SSLContext methods “cert_store_stats()” and\n“get_ca_certs()”. The race condition can be triggered if the methods are\ncalled at the same time as certificates are loaded into the SSLContext,\nsuch as during the TLS handshake with a certificate directory configured.\nThis issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.", }, ], providerMetadata: { dateUpdated: "2024-09-07T02:44:08.540Z", orgId: "28c92f92-d60d-412d-b760-e73465c3df22", shortName: "PSF", }, references: [ { tags: [ "issue-tracking", ], url: "https://github.com/python/cpython/issues/114572", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/pull/114573", }, { tags: [ "vendor-advisory", ], url: "https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/01c37f1d0714f5822d34063ca7180b595abf589d", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/29c97287d205bf2f410f4895ebce3f43b5160524", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/37324b421b72b7bc9934e27aba85d48d4773002e", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/542f3272f56f31ed04e74c40635a913fbc12d286", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/b228655c227b2ca298a8ffac44d14ce3d22f6faa", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/bce693111bff906ccf9281c22371331aaff766ab", }, { url: "http://www.openwall.com/lists/oss-security/2024/06/17/2", }, ], source: { discovery: "UNKNOWN", }, title: "Memory race condition in ssl.SSLContext certificate store methods", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "28c92f92-d60d-412d-b760-e73465c3df22", assignerShortName: "PSF", cveId: "CVE-2024-0397", datePublished: "2024-06-17T15:09:40.896Z", dateReserved: "2024-01-10T14:05:31.635Z", dateUpdated: "2024-09-17T18:24:43.948Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-3219
Vulnerability from cvelistv5
Published
2024-07-29 21:54
Modified
2025-01-31 19:54
Severity ?
EPSS score ?
Summary
The
“socket” module provides a pure-Python fallback to the
socket.socketpair() function for platforms that don’t support AF_UNIX,
such as Windows. This pure-Python implementation uses AF_INET or
AF_INET6 to create a local connected pair of sockets. The connection
between the two sockets was not verified before passing the two sockets
back to the user, which leaves the server socket vulnerable to a
connection race from a malicious local peer.
Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Version: 0 Version: 3.9.0 Version: 3.10.0 Version: 3.11.0 Version: 3.12.0 Version: 3.13.0a1 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-3219", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-31T18:45:03.016211Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-306", description: "CWE-306 Missing Authentication for Critical Function", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-04T21:44:46.150Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:05:08.371Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/pull/122134", }, { tags: [ "issue-tracking", "x_transferred", ], url: "https://github.com/python/cpython/issues/122133", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://mail.python.org/archives/list/security-announce@python.org/thread/WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B/", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/29/3", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "CPython", repo: "https://github.com/python/cpython", vendor: "Python Software Foundation", versions: [ { lessThan: "3.8.20", status: "affected", version: "0", versionType: "python", }, { lessThan: "3.9.20", status: "affected", version: "3.9.0", versionType: "python", }, { lessThan: "3.10.15", status: "affected", version: "3.10.0", versionType: "python", }, { lessThan: "3.11.10", status: "affected", version: "3.11.0", versionType: "python", }, { lessThan: "3.12.5", status: "affected", version: "3.12.0", versionType: "python", }, { lessThan: "3.13.0rc1", status: "affected", version: "3.13.0a1", versionType: "python", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "Ellie", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "The\n “socket” module provides a pure-Python fallback to the \nsocket.socketpair() function for platforms that don’t support AF_UNIX, \nsuch as Windows. This pure-Python implementation uses AF_INET or \nAF_INET6 to create a local connected pair of sockets. The connection \nbetween the two sockets was not verified before passing the two sockets \nback to the user, which leaves the server socket vulnerable to a \nconnection race from a malicious local peer.<br><br>Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.<br>", }, ], value: "The\n “socket” module provides a pure-Python fallback to the \nsocket.socketpair() function for platforms that don’t support AF_UNIX, \nsuch as Windows. This pure-Python implementation uses AF_INET or \nAF_INET6 to create a local connected pair of sockets. The connection \nbetween the two sockets was not verified before passing the two sockets \nback to the user, which leaves the server socket vulnerable to a \nconnection race from a malicious local peer.\n\nPlatforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.", }, ], metrics: [ { cvssV4_0: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "LOCAL", baseScore: 5.1, baseSeverity: "MEDIUM", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "NONE", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-31T19:54:41.350Z", orgId: "28c92f92-d60d-412d-b760-e73465c3df22", shortName: "PSF", }, references: [ { tags: [ "patch", ], url: "https://github.com/python/cpython/pull/122134", }, { tags: [ "issue-tracking", ], url: "https://github.com/python/cpython/issues/122133", }, { tags: [ "vendor-advisory", ], url: "https://mail.python.org/archives/list/security-announce@python.org/thread/WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B/", }, { url: "http://www.openwall.com/lists/oss-security/2024/07/29/3", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/2621a8a40ba4b2c68ca564671b7daa5da80a4508", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/5df322e91a40909e6904bbdbc0c3a6b6a9eead39", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/c21a36112a0028d7ac3cf8f480e0dc88dba5922c", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/f071f01b7b7e19d7d6b3a4b0ec62f820ecb14660", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/31302f5fc24eecd693f0c8aaba7c2840b09b594d", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/3f5d9d12c74787fbf3f5891835c85cc15526c86d", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/c5655aa6ad120d2ed7f255bebd6e8b71a9c07dde", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/e319f774f9e766a2b92949444a2d46081df3363a", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/78df1043dbdce5c989600616f9f87b4ee72944e5", }, ], source: { discovery: "UNKNOWN", }, title: "Pure-Python fallback of socket.socketpair() doesn’t authenticate peer connection", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "28c92f92-d60d-412d-b760-e73465c3df22", assignerShortName: "PSF", cveId: "CVE-2024-3219", datePublished: "2024-07-29T21:54:05.830Z", dateReserved: "2024-04-02T18:03:22.557Z", dateUpdated: "2025-01-31T19:54:41.350Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-3220
Vulnerability from cvelistv5
Published
2025-02-14 16:18
Modified
2025-03-14 10:03
Severity ?
EPSS score ?
Summary
There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the incorrect file type.
This defect is caused by the default locations of Linux and macOS platforms (such as “/etc/mime.types”) also being used on Windows, where they are user-writable locations (“C:\etc\mime.types”).
To work-around this issue a user can call mimetypes.init() with an empty list (“[]”) on Windows platforms to avoid using the default list of known file locations.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Version: 0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-3220", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-14T16:46:00.511698Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-14T16:46:05.095Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2025-03-14T10:03:04.669Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "http://www.openwall.com/lists/oss-security/2025/02/14/8", }, { url: "https://security.netapp.com/advisory/ntap-20250314-0001/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "CPython", repo: "https://github.com/python/cpython", vendor: "Python Software Foundation", versions: [ { lessThan: "3.14.0", status: "affected", version: "0", versionType: "python", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the incorrect file type.<br><br>This defect is caused by the default locations of Linux and macOS platforms (such as “/etc/mime.types”) also being used on Windows, where they are user-writable locations (“C:\\etc\\mime.types”).<br><br>To work-around this issue a user can call mimetypes.init() with an empty list (“[]”) on Windows platforms to avoid using the default list of known file locations.", }, ], value: "There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the incorrect file type.\n\nThis defect is caused by the default locations of Linux and macOS platforms (such as “/etc/mime.types”) also being used on Windows, where they are user-writable locations (“C:\\etc\\mime.types”).\n\nTo work-around this issue a user can call mimetypes.init() with an empty list (“[]”) on Windows platforms to avoid using the default list of known file locations.", }, ], metrics: [ { cvssV4_0: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "PRESENT", attackVector: "NETWORK", baseScore: 2.3, baseSeverity: "LOW", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-426", description: "CWE-426 Untrusted Search Path", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-14T16:18:00.918Z", orgId: "28c92f92-d60d-412d-b760-e73465c3df22", shortName: "PSF", }, references: [ { tags: [ "vendor-advisory", ], url: "https://mail.python.org/archives/list/security-announce@python.org/thread/CDXW34ND2LSAOYAR5N6UNONP4ZBX4D6R/", }, ], source: { discovery: "UNKNOWN", }, title: "Default mimetype known files writeable on Windows", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "28c92f92-d60d-412d-b760-e73465c3df22", assignerShortName: "PSF", cveId: "CVE-2024-3220", datePublished: "2025-02-14T16:18:00.918Z", dateReserved: "2024-04-02T18:08:09.733Z", dateUpdated: "2025-03-14T10:03:04.669Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4032
Vulnerability from cvelistv5
Published
2024-06-17 15:05
Modified
2024-09-17 15:55
Severity ?
EPSS score ?
Summary
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.
CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Version: 0 Version: 3.9.0 Version: 3.10.0 Version: 3.11.0 Version: 3.12.0 Version: 3.13.0a1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T20:26:57.360Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "issue-tracking", "x_transferred", ], url: "https://github.com/python/cpython/issues/113171", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/pull/113179", }, { tags: [ "x_transferred", ], url: "https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml", }, { tags: [ "x_transferred", ], url: "https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://mail.python.org/archives/list/security-announce@python.org/thread/NRUHDUS2IV2USIZM2CVMSFL6SCKU3RZA/", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/22adf29da8d99933ffed8647d3e0726edd16f7f8", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/40d75c2b7f5c67e254d0a025e0f2e2c7ada7f69f", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/895f7e2ac23eff4743143beef0f0c5ac71ea27d3", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/ba431579efdcbaed7a96f2ac4ea0775879a332fb", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/c62c9e518b784fe44432a3f4fc265fb95b651906", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/f86b17ac511e68192ba71f27e752321a3252cee3", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/06/17/3", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240726-0004/", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cpython", vendor: "python", versions: [ { lessThan: "3.12.4", status: "affected", version: "0", versionType: "custom", }, { lessThan: "3.13.0a6", status: "affected", version: "3.13.0a1", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-4032", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-08T18:21:11.207929Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-697", description: "CWE-697 Incorrect Comparison", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-17T15:55:55.506Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "CPython", repo: "https://github.com/python/cpython", vendor: "Python Software Foundation", versions: [ { lessThan: "3.8.20", status: "affected", version: "0", versionType: "python", }, { lessThan: "3.9.20", status: "affected", version: "3.9.0", versionType: "python", }, { lessThan: "3.10.15", status: "affected", version: "3.10.0", versionType: "python", }, { lessThan: "3.11.10", status: "affected", version: "3.11.0", versionType: "python", }, { lessThan: "3.12.4", status: "affected", version: "3.12.0", versionType: "python", }, { lessThan: "3.13.0a6", status: "affected", version: "3.13.0a1", versionType: "python", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p><span style=\"background-color: transparent;\">The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.</span></p><p><span style=\"background-color: transparent;\">CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.</span></p>", }, ], value: "The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.\n\nCPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.", }, ], providerMetadata: { dateUpdated: "2024-09-07T02:44:42.321Z", orgId: "28c92f92-d60d-412d-b760-e73465c3df22", shortName: "PSF", }, references: [ { tags: [ "issue-tracking", ], url: "https://github.com/python/cpython/issues/113171", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/pull/113179", }, { url: "https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml", }, { url: "https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml", }, { tags: [ "vendor-advisory", ], url: "https://mail.python.org/archives/list/security-announce@python.org/thread/NRUHDUS2IV2USIZM2CVMSFL6SCKU3RZA/", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/22adf29da8d99933ffed8647d3e0726edd16f7f8", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/40d75c2b7f5c67e254d0a025e0f2e2c7ada7f69f", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/895f7e2ac23eff4743143beef0f0c5ac71ea27d3", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/ba431579efdcbaed7a96f2ac4ea0775879a332fb", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/c62c9e518b784fe44432a3f4fc265fb95b651906", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/f86b17ac511e68192ba71f27e752321a3252cee3", }, { url: "http://www.openwall.com/lists/oss-security/2024/06/17/3", }, { url: "https://security.netapp.com/advisory/ntap-20240726-0004/", }, ], source: { discovery: "UNKNOWN", }, title: "Incorrect IPv4 and IPv6 private ranges", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "28c92f92-d60d-412d-b760-e73465c3df22", assignerShortName: "PSF", cveId: "CVE-2024-4032", datePublished: "2024-06-17T15:05:58.827Z", dateReserved: "2024-04-22T17:15:47.895Z", dateUpdated: "2024-09-17T15:55:55.506Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-0938
Vulnerability from cvelistv5
Published
2025-01-31 17:51
Modified
2025-03-14 10:03
Severity ?
EPSS score ?
Summary
The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Version: 0 Version: 3.13.0 Version: 3.14.0a1 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-0938", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-31T18:50:16.654297Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-31T18:50:29.327Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2025-03-14T10:03:07.501Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://security.netapp.com/advisory/ntap-20250314-0002/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "CPython", repo: "https://github.com/python/cpython", vendor: "Python Software Foundation", versions: [ { lessThan: "3.12.9", status: "affected", version: "0", versionType: "python", }, { lessThan: "3.13.2", status: "affected", version: "3.13.0", versionType: "python", }, { lessThan: "3.14.0a5", status: "affected", version: "3.14.0a1", versionType: "python", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.<br>", }, ], value: "The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", }, ], metrics: [ { cvssV4_0: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "HIGH", attackRequirements: "PRESENT", attackVector: "NETWORK", baseScore: 6.3, baseSeverity: "MEDIUM", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "LOW", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T19:10:34.555Z", orgId: "28c92f92-d60d-412d-b760-e73465c3df22", shortName: "PSF", }, references: [ { tags: [ "issue-tracking", ], url: "https://github.com/python/cpython/issues/105704", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/pull/129418", }, { tags: [ "vendor-advisory", ], url: "https://mail.python.org/archives/list/security-announce@python.org/thread/K4EUG6EKV6JYFIC24BASYOZS4M5XOQIB/", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/90e526ae67b172ed7c6c56e7edad36263b0f9403", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/a7084f6075c9595ba60119ce8c62f1496f50c568", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/526617ed68cde460236c973e5d0a8bad4de896ba", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/b8b4b713c5f8ec0958c7ef8d29d6711889bc94ab", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/ff4e5c25666f63544071a6b075ae8b25c98b7a32", }, ], source: { discovery: "UNKNOWN", }, title: "URL parser allowed square brackets in domain names", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "28c92f92-d60d-412d-b760-e73465c3df22", assignerShortName: "PSF", cveId: "CVE-2025-0938", datePublished: "2025-01-31T17:51:35.898Z", dateReserved: "2025-01-31T17:45:10.107Z", dateUpdated: "2025-03-14T10:03:07.501Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4030
Vulnerability from cvelistv5
Published
2024-05-07 21:02
Modified
2024-09-07 02:44
Severity ?
EPSS score ?
Summary
On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.
If you’re not using Windows or haven’t changed the temporary directory location then you aren’t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.
This issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix “700” for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Version: 0 Version: 3.9.0 Version: 3.10.0 Version: 3.11.0 Version: 3.12.0 Version: 3.13.0a1 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cpython", vendor: "python", versions: [ { status: "affected", version: "0", }, { status: "affected", version: "3.13.0a1", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-4030", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-08T15:32:37.215710Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:55:02.857Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:26:57.265Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://mail.python.org/archives/list/security-announce@python.org/thread/PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636/", }, { tags: [ "issue-tracking", "x_transferred", ], url: "https://github.com/python/cpython/issues/118486", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/81939dad77001556c527485d31a2d0f4a759033e", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/66f8bb76a15e64a1bb7688b177ed29e26230fdee", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/6d0850c4c8188035643586ab4d8ec2468abd699e", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/94591dca510c796c7d40e9b4167ea56f2fdf28ca", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/c8f868dc52f98011d0f9b459b6487920bfb0ac4d", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/d86b49411753bf2c83291e3a14ae43fefded2f84", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/e1dfa978b1ad210d551385ad8073ec6154f53763", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/eb29e2f5905da93333d1ce78bc98b151e763ff46", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240705-0005/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "CPython", repo: "https://github.com/python/cpython", vendor: "Python Software Foundation", versions: [ { lessThan: "3.8.20", status: "affected", version: "0", versionType: "python", }, { lessThan: "3.9.20", status: "affected", version: "3.9.0", versionType: "python", }, { lessThan: "3.10.15", status: "affected", version: "3.10.0", versionType: "python", }, { lessThan: "3.11.10", status: "affected", version: "3.11.0", versionType: "python", }, { lessThan: "3.12.4", status: "affected", version: "3.12.0", versionType: "python", }, { lessThan: "3.13.0b1", status: "affected", version: "3.13.0a1", versionType: "python", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Aobo Wang", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p><span style=\"background-color: transparent;\">On Windows a directory returned by </span><span style=\"background-color: transparent;\">tempfile.mkdtemp()</span><span style=\"background-color: transparent;\"> would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.</span></p><p><span style=\"background-color: transparent;\">If you’re not using Windows or haven’t changed the temporary directory location then you aren’t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.</span></p><span style=\"background-color: transparent;\">This issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix “700” for the </span><span style=\"background-color: transparent;\">mkdir</span><span style=\"background-color: transparent;\"> function on Windows which is used by </span><span style=\"background-color: transparent;\">mkdtemp()</span><span style=\"background-color: transparent;\"> to ensure the newly created directory has the proper permissions.</span><br>", }, ], value: "On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.\n\nIf you’re not using Windows or haven’t changed the temporary directory location then you aren’t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.\n\nThis issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix “700” for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.", }, ], impacts: [ { capecId: "CAPEC-1", descriptions: [ { lang: "en", value: "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-276", description: "CWE-276 Incorrect Default Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-07T02:44:36.613Z", orgId: "28c92f92-d60d-412d-b760-e73465c3df22", shortName: "PSF", }, references: [ { tags: [ "vendor-advisory", ], url: "https://mail.python.org/archives/list/security-announce@python.org/thread/PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636/", }, { tags: [ "issue-tracking", ], url: "https://github.com/python/cpython/issues/118486", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/81939dad77001556c527485d31a2d0f4a759033e", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/66f8bb76a15e64a1bb7688b177ed29e26230fdee", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/6d0850c4c8188035643586ab4d8ec2468abd699e", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/94591dca510c796c7d40e9b4167ea56f2fdf28ca", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/c8f868dc52f98011d0f9b459b6487920bfb0ac4d", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/d86b49411753bf2c83291e3a14ae43fefded2f84", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/e1dfa978b1ad210d551385ad8073ec6154f53763", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/eb29e2f5905da93333d1ce78bc98b151e763ff46", }, { url: "https://security.netapp.com/advisory/ntap-20240705-0005/", }, ], source: { discovery: "UNKNOWN", }, title: "tempfile.mkdtemp() may be readable and writeable by all users on Windows", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "28c92f92-d60d-412d-b760-e73465c3df22", assignerShortName: "PSF", cveId: "CVE-2024-4030", datePublished: "2024-05-07T21:02:55.284Z", dateReserved: "2024-04-22T14:49:13.316Z", dateUpdated: "2024-09-07T02:44:36.613Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-0450
Vulnerability from cvelistv5
Published
2024-03-19 15:12
Modified
2024-08-02 15:00
Severity ?
EPSS score ?
Summary
An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.
The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Version: 0 Version: 3.9.0 Version: 3.10.0 Version: 3.11.0 Version: 3.12.0 Version: 3.13.0a1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T18:04:49.775Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183", }, { tags: [ "issue-tracking", "x_transferred", ], url: "https://github.com/python/cpython/issues/109858", }, { tags: [ "x_transferred", ], url: "https://www.bamsoftware.com/hacks/zipbomb/", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/03/20/5", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cpython", vendor: "python", versions: [ { lessThan: "3.8.18", status: "affected", version: "0", versionType: "custom", }, { status: "affected", version: "3.9.18", }, { status: "affected", version: "3.10.13", }, { status: "affected", version: "3.11.7", }, { status: "affected", version: "3.12.1", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-0450", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-20T14:30:38.300055Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-02T15:00:26.971Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "CPython", repo: "https://github.com/python/cpython", vendor: "Python Software Foundation", versions: [ { lessThan: "3.8.19", status: "affected", version: "0", versionType: "python", }, { lessThan: "3.9.19", status: "affected", version: "3.9.0", versionType: "python", }, { lessThan: "3.10.14", status: "affected", version: "3.10.0", versionType: "python", }, { lessThan: "3.11.8", status: "affected", version: "3.11.0", versionType: "python", }, { lessThan: "3.12.2", status: "affected", version: "3.12.0", versionType: "python", }, { lessThan: "3.13.0a3", status: "affected", version: "3.13.0a1", versionType: "python", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p><span style=\"background-color: transparent;\">An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.</span></p><p><span style=\"background-color: transparent;\">The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.</span></p><br>", }, ], value: "An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\n\nThe zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.\n\n", }, ], impacts: [ { capecId: "CAPEC-130", descriptions: [ { lang: "en", value: "CAPEC-130 Excessive Allocation", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-405", description: "CWE-405", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-13T19:24:15.993Z", orgId: "28c92f92-d60d-412d-b760-e73465c3df22", shortName: "PSF", }, references: [ { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183", }, { tags: [ "issue-tracking", ], url: "https://github.com/python/cpython/issues/109858", }, { url: "https://www.bamsoftware.com/hacks/zipbomb/", }, { tags: [ "vendor-advisory", ], url: "https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/", }, { url: "https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html", }, { url: "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html", }, { url: "http://www.openwall.com/lists/oss-security/2024/03/20/5", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/", }, ], source: { discovery: "UNKNOWN", }, title: "Quoted zip-bomb protection for zipfile", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "28c92f92-d60d-412d-b760-e73465c3df22", assignerShortName: "PSF", cveId: "CVE-2024-0450", datePublished: "2024-03-19T15:12:07.789Z", dateReserved: "2024-01-11T22:16:41.964Z", dateUpdated: "2024-08-02T15:00:26.971Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-7592
Vulnerability from cvelistv5
Published
2024-08-19 19:06
Modified
2025-01-31 19:55
Severity ?
EPSS score ?
Summary
There is a LOW severity vulnerability affecting CPython, specifically the
'http.cookies' standard library module.
When parsing cookies that contained backslashes for quoted characters in
the cookie value, the parser would use an algorithm with quadratic
complexity, resulting in excess CPU resources being used while parsing the
value.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Version: 0 Version: 3.9.0 Version: 3.10.0 Version: 3.11.0 Version: 3.12.0 Version: 3.13.0a1 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "cpython", vendor: "python", versions: [ { lessThan: "3.8.20", status: "affected", version: "0", versionType: "python", }, { lessThan: "3.9.20", status: "affected", version: "3.9.0", versionType: "python", }, { lessThan: "3.10.15", status: "affected", version: "3.10.0", versionType: "python", }, { lessThan: "3.11.10", status: "affected", version: "3.11.0", versionType: "python", }, { lessThan: "3.12.6", status: "affected", version: "3.12.0", versionType: "python", }, { lessThan: "3.13.0rc2", status: "affected", version: "3.13.0a1", versionType: "python", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-7592", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-03T17:21:02.520596Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-09T20:53:12.739Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-10-18T13:07:47.143Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://security.netapp.com/advisory/ntap-20241018-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "CPython", repo: "https://github.com/python/cpython", vendor: "Python Software Foundation", versions: [ { lessThan: "3.8.20", status: "affected", version: "0", versionType: "python", }, { lessThan: "3.9.20", status: "affected", version: "3.9.0", versionType: "python", }, { lessThan: "3.10.15", status: "affected", version: "3.10.0", versionType: "python", }, { lessThan: "3.11.10", status: "affected", version: "3.11.0", versionType: "python", }, { lessThan: "3.12.6", status: "affected", version: "3.12.0", versionType: "python", }, { lessThan: "3.13.0rc2", status: "affected", version: "3.13.0a1", versionType: "python", }, ], }, ], datePublic: "2024-08-16T16:15:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>There is a LOW severity vulnerability affecting CPython, specifically the\n'<i><b>http.cookies</b></i>' standard library module.</p>\n<p>When parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.</p><br><p></p>", }, ], value: "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-31T19:55:12.119Z", orgId: "28c92f92-d60d-412d-b760-e73465c3df22", shortName: "PSF", }, references: [ { tags: [ "patch", ], url: "https://github.com/python/cpython/pull/123075", }, { tags: [ "issue-tracking", ], url: "https://github.com/python/cpython/issues/123067", }, { tags: [ "vendor-advisory", ], url: "https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/391e5626e3ee5af267b97e37abc7475732e67621", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/a77ab24427a18bff817025adb03ca920dc3f1a06", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/b2f11ca7667e4d57c71c1c88b255115f16042d9a", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/d4ac921a4b081f7f996a5d2b101684b67ba0ed7f", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/d662e2db2605515a767f88ad48096b8ac623c774", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/44e458357fca05ca0ae2658d62c8c595b048b5ef", }, ], source: { discovery: "UNKNOWN", }, title: "Quadratic complexity parsing cookies with backslashes", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "28c92f92-d60d-412d-b760-e73465c3df22", assignerShortName: "PSF", cveId: "CVE-2024-7592", datePublished: "2024-08-19T19:06:45.311Z", dateReserved: "2024-08-07T15:53:07.135Z", dateUpdated: "2025-01-31T19:55:12.119Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-12254
Vulnerability from cvelistv5
Published
2024-12-06 15:19
Modified
2025-02-05 16:54
Severity ?
EPSS score ?
Summary
Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines()
method would not "pause" writing and signal to the Protocol to drain
the buffer to the wire once the write buffer reached the "high-water
mark". Because of this, Protocols would not periodically drain the write
buffer potentially leading to memory exhaustion.
This
vulnerability likely impacts a small number of users, you must be using
Python 3.12.0 or later, on macOS or Linux, using the asyncio module
with protocols, and using .writelines() method which had new
zero-copy-on-write behavior in Python 3.12.0 and later. If not all of
these factors are true then your usage of Python is unaffected.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Version: 3.12.0 Version: 3.13.0 Version: 3.14.0a1 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cpython", vendor: "python_software_foundation", versions: [ { lessThan: "3.14.0a1", status: "affected", version: "3.12.0", versionType: "python", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-12254", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-06T15:35:11.234951Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770 Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-05T16:54:28.955Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-12-06T19:02:35.550Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "http://www.openwall.com/lists/oss-security/2024/12/06/1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", modules: [ "asyncio", ], platforms: [ "MacOS", "Linux", ], product: "CPython", repo: "https://github.com/python/cpython", vendor: "Python Software Foundation", versions: [ { lessThan: "3.12.9", status: "affected", version: "3.12.0", versionType: "python", }, { lessThan: "3.13.2", status: "affected", version: "3.13.0", versionType: "python", }, { lessThan: "3.14.0a3", status: "affected", version: "3.14.0a1", versionType: "python", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "J. Nick Koston", }, { lang: "en", type: "coordinator", value: "Seth Larson", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<div>Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines()\n method would not \"pause\" writing and signal to the Protocol to drain \nthe buffer to the wire once the write buffer reached the \"high-water \nmark\". Because of this, Protocols would not periodically drain the write\n buffer potentially leading to memory exhaustion.<br></div><div><br></div><div>This\n vulnerability likely impacts a small number of users, you must be using\n Python 3.12.0 or later, on macOS or Linux, using the asyncio module \nwith protocols, and using .writelines() method which had new \nzero-copy-on-write behavior in Python 3.12.0 and later. If not all of \nthese factors are true then your usage of Python is unaffected.</div><br>", }, ], value: "Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines()\n method would not \"pause\" writing and signal to the Protocol to drain \nthe buffer to the wire once the write buffer reached the \"high-water \nmark\". Because of this, Protocols would not periodically drain the write\n buffer potentially leading to memory exhaustion.\n\n\n\n\n\nThis\n vulnerability likely impacts a small number of users, you must be using\n Python 3.12.0 or later, on macOS or Linux, using the asyncio module \nwith protocols, and using .writelines() method which had new \nzero-copy-on-write behavior in Python 3.12.0 and later. If not all of \nthese factors are true then your usage of Python is unaffected.", }, ], metrics: [ { cvssV4_0: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", baseScore: 8.7, baseSeverity: "HIGH", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "NONE", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-770", description: "CWE-770 Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T20:38:34.082Z", orgId: "28c92f92-d60d-412d-b760-e73465c3df22", shortName: "PSF", }, references: [ { tags: [ "issue-tracking", ], url: "https://github.com/python/cpython/issues/127655", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/pull/127656", }, { tags: [ "vendor-advisory", ], url: "https://mail.python.org/archives/list/security-announce@python.org/thread/H4O3UBAOAQQXGT4RE3E4XQYR5XLROORB/", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/71e8429ac8e2adc10084ab5ec29a62f4b6671a82", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/9aa0deb2eef2655a1029ba228527b152353135b5", }, { tags: [ "patch", ], url: "https://github.com/python/cpython/commit/e991ac8f2037d78140e417cc9a9486223eb3e786", }, ], source: { discovery: "UNKNOWN", }, title: "Unbounded memory buffering in SelectorSocketTransport.writelines()", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "28c92f92-d60d-412d-b760-e73465c3df22", assignerShortName: "PSF", cveId: "CVE-2024-12254", datePublished: "2024-12-06T15:19:41.576Z", dateReserved: "2024-12-05T16:17:55.154Z", dateUpdated: "2025-02-05T16:54:28.955Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }