Vulnerability-Lookup

CVE-2025-13837 (GCVE-0-2025-13837)

Vulnerability from cvelistv5 – Published: 2025-12-01 18:13 – Updated: 2026-03-03 14:41

Title

Out-of-memory when loading Plist

Summary

When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues

Severity

2.1 (Low)


                        
                          CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

PSF

References

9 references

URL	Tags
https://github.com/python/cpython/pull/119343	patch
https://github.com/python/cpython/issues/119342	issue-tracking
https://github.com/python/cpython/commit/694922cf…	patch
https://github.com/python/cpython/commit/71fa8eb8…	patch
https://github.com/python/cpython/commit/b64441e4…	patch
https://mail.python.org/archives/list/security-an…	vendor-advisory
https://github.com/python/cpython/commit/5a8b1967…	patch
https://github.com/python/cpython/commit/568342cf…	patch
https://github.com/python/cpython/commit/cefee7d1…	patch

Impacted products

1 product

Vendor	Product	Version
Python Software Foundation	CPython	Affected: 0 , < 3.10.20 (python) Affected: 3.11.0 , < 3.11.15 (python) Affected: 3.12.0 , < 3.12.13 (python) Affected: 3.13.0 , < 3.13.10 (python) Affected: 3.14.0 , < 3.14.1 (python) Affected: 3.15.0a1 , < 3.15.0a3 (python)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13837",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-01T18:23:28.615317Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-07T15:16:47.344Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "plistlib"
          ],
          "product": "CPython",
          "repo": "https://github.com/python/cpython",
          "vendor": "Python Software Foundation",
          "versions": [
            {
              "lessThan": "3.10.20",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            },
            {
              "lessThan": "3.11.15",
              "status": "affected",
              "version": "3.11.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.12.13",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.13.10",
              "status": "affected",
              "version": "3.13.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.14.1",
              "status": "affected",
              "version": "3.14.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.15.0a3",
              "status": "affected",
              "version": "3.15.0a1",
              "versionType": "python"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues"
            }
          ],
          "value": "When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 2.1,
            "baseSeverity": "LOW",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-03T14:41:54.597Z",
        "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "shortName": "PSF"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/pull/119343"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/python/cpython/issues/119342"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Out-of-memory when loading Plist",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
    "assignerShortName": "PSF",
    "cveId": "CVE-2025-13837",
    "datePublished": "2025-12-01T18:13:32.739Z",
    "dateReserved": "2025-12-01T17:54:41.439Z",
    "dateUpdated": "2026-03-03T14:41:54.597Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-13837",
      "date": "2026-05-27",
      "epss": "0.00031",
      "percentile": "0.09212"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-13837\",\"sourceIdentifier\":\"cna@python.org\",\"published\":\"2025-12-01T18:16:04.380\",\"lastModified\":\"2026-03-03T15:16:14.483\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues\"},{\"lang\":\"es\",\"value\":\"Al cargar un archivo plist, el m\u00f3dulo plistlib lee datos en un tama\u00f1o especificado por el propio archivo, lo que significa que un archivo malicioso puede causar problemas de OOM y DoS.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@python.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":2.1,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.13.10\",\"matchCriteriaId\":\"B02C195C-8271-4207-9FE9-E46C7A4978AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.14.0\",\"versionEndExcluding\":\"3.14.1\",\"matchCriteriaId\":\"6E66BA7A-987F-4E24-8B69-4F46D6FCD19E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:python:3.15.0:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3327507-0B1D-4F28-A983-D07A2C8A7696\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:python:3.15.0:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8AF17F1-A27F-4C98-BA5A-B4319710E8D1\"}]}]}],\"references\":[{\"url\":\"https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b\",\"source\":\"cna@python.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70\",\"source\":\"cna@python.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba\",\"source\":\"cna@python.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb\",\"source\":\"cna@python.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/issues/119342\",\"source\":\"cna@python.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/python/cpython/pull/119343\",\"source\":\"cna@python.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/\",\"source\":\"cna@python.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-13837\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-01T18:23:28.615317Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400 Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-01T18:23:33.149Z\"}}], \"cna\": {\"title\": \"Out-of-memory when loading Plist\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 2.1, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"LOW\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/python/cpython\", \"vendor\": \"Python Software Foundation\", \"modules\": [\"plistlib\"], \"product\": \"CPython\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.10.20\", \"versionType\": \"python\"}, {\"status\": \"affected\", \"version\": \"3.11.0\", \"lessThan\": \"3.11.15\", \"versionType\": \"python\"}, {\"status\": \"affected\", \"version\": \"3.12.0\", \"lessThan\": \"3.12.13\", \"versionType\": \"python\"}, {\"status\": \"affected\", \"version\": \"3.13.0\", \"lessThan\": \"3.13.10\", \"versionType\": \"python\"}, {\"status\": \"affected\", \"version\": \"3.14.0\", \"lessThan\": \"3.14.1\", \"versionType\": \"python\"}, {\"status\": \"affected\", \"version\": \"3.15.0a1\", \"lessThan\": \"3.15.0a3\", \"versionType\": \"python\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/python/cpython/pull/119343\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/issues/119342\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb\", \"tags\": [\"patch\"]}, {\"url\": \"https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"28c92f92-d60d-412d-b760-e73465c3df22\", \"shortName\": \"PSF\", \"dateUpdated\": \"2026-03-03T14:41:54.597Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-13837\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-03T14:41:54.597Z\", \"dateReserved\": \"2025-12-01T17:54:41.439Z\", \"assignerOrgId\": \"28c92f92-d60d-412d-b760-e73465c3df22\", \"datePublished\": \"2025-12-01T18:13:32.739Z\", \"assignerShortName\": \"PSF\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2025-AVI-1060

Vulnerability from certfr_avis - Published: 2025-12-03 - Updated: 2025-12-03

De multiples vulnérabilités ont été découvertes dans Python. Elles permettent à un attaquant de provoquer un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Python	CPython	Python sans les derniers correctifs de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Python 2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C	2025-12-01	vendor-advisory
Bulletin de sécurité Python OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO	2025-12-01	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Python sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "CPython",
        "vendor": {
          "name": "Python",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-13837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13837"
    },
    {
      "name": "CVE-2025-13836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
    }
  ],
  "initial_release_date": "2025-12-03T00:00:00",
  "last_revision_date": "2025-12-03T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1060",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-12-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Python. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Python",
  "vendor_advisories": [
    {
      "published_at": "2025-12-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Python 2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C",
      "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/"
    },
    {
      "published_at": "2025-12-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Python OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO",
      "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO/"
    }
  ]
}

CERTFR-2025-AVI-1078

Vulnerability from certfr_avis - Published: 2025-12-08 - Updated: 2025-12-08

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	cbl2 msft-golang 1.24.9-1
Microsoft	N/A	cbl2 golang 1.22.7-5
Microsoft	N/A	azl3 golang 1.23.12-1
Microsoft	N/A	cbl2 python3 3.9.19-16
Microsoft	N/A	cbl2 python-tensorboard 2.11.0-3
Microsoft	N/A	cbl2 qt5-qtbase 5.12.11-18
Microsoft	N/A	cbl2 reaper 3.1.1-21
Microsoft	N/A	cbl2 python3 3.9.19-17
Microsoft	N/A	azl3 python-tensorboard 2.16.2-6
Microsoft	N/A	azl3 kernel 6.6.112.1-2
Microsoft	N/A	cbl2 vim 9.1.1616-1
Microsoft	N/A	cbl2 kernel 5.15.186.1-1
Microsoft	N/A	azl3 tensorflow 2.16.1-9
Microsoft	N/A	cbl2 gcc 11.2.0-8
Microsoft	N/A	azl3 vim 9.1.1616-1
Microsoft	N/A	azl3 golang 1.25.3-1
Microsoft	N/A	azl3 pgbouncer 1.24.1-1
Microsoft	N/A	cbl2 tensorflow 2.11.1-2
Microsoft	N/A	azl3 libpng 1.6.40-1 versions antérieures à 1.6.52-1
Microsoft	N/A	azl3 gcc 13.2.0-7
Microsoft	N/A	azl3 python3 3.12.9-5
Microsoft	N/A	cbl2 golang 1.18.8-10
Microsoft	N/A	cbl2 reaper 3.1.1-19

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2025-40254	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40257	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40245	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40258	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-50304	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40219	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40233	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40244	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2023-53209	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61729	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40262	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40253	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40223	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40217	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-6485	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40252	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40250	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40261	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40215	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40264	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40263	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-12084	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-12385	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-12819	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61727	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40242	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40259	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-50303	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40243	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40251	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40247	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40220	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-66476	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40240	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40248	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-13836	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-66293	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2023-53231	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40218	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-13837	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40266	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-34297	2025-12-05	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "cbl2 msft-golang 1.24.9-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 golang 1.22.7-5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 golang 1.23.12-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 python3 3.9.19-16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 python-tensorboard 2.11.0-3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 qt5-qtbase 5.12.11-18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 reaper 3.1.1-21",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 python3 3.9.19-17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 python-tensorboard 2.16.2-6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 kernel 6.6.112.1-2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 vim 9.1.1616-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 kernel 5.15.186.1-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 tensorflow 2.16.1-9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 gcc 11.2.0-8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 vim 9.1.1616-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 golang 1.25.3-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 pgbouncer 1.24.1-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 tensorflow 2.11.1-2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 libpng 1.6.40-1 versions ant\u00e9rieures \u00e0 1.6.52-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 gcc 13.2.0-7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 python3 3.12.9-5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 golang 1.18.8-10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 reaper 3.1.1-19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-40254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40254"
    },
    {
      "name": "CVE-2025-40219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40219"
    },
    {
      "name": "CVE-2025-40240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40240"
    },
    {
      "name": "CVE-2025-12084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
    },
    {
      "name": "CVE-2023-53209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-53209"
    },
    {
      "name": "CVE-2025-40251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40251"
    },
    {
      "name": "CVE-2025-13837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13837"
    },
    {
      "name": "CVE-2022-50304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-50304"
    },
    {
      "name": "CVE-2025-40245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40245"
    },
    {
      "name": "CVE-2025-40233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40233"
    },
    {
      "name": "CVE-2025-40242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40242"
    },
    {
      "name": "CVE-2025-61727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
    },
    {
      "name": "CVE-2025-40252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40252"
    },
    {
      "name": "CVE-2025-40218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40218"
    },
    {
      "name": "CVE-2025-40220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40220"
    },
    {
      "name": "CVE-2025-40257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40257"
    },
    {
      "name": "CVE-2025-40263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40263"
    },
    {
      "name": "CVE-2025-13836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
    },
    {
      "name": "CVE-2025-66293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
    },
    {
      "name": "CVE-2025-40250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40250"
    },
    {
      "name": "CVE-2025-40264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40264"
    },
    {
      "name": "CVE-2025-66476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66476"
    },
    {
      "name": "CVE-2022-50303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-50303"
    },
    {
      "name": "CVE-2025-40243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40243"
    },
    {
      "name": "CVE-2025-40266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40266"
    },
    {
      "name": "CVE-2024-6485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
    },
    {
      "name": "CVE-2025-12385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12385"
    },
    {
      "name": "CVE-2023-53231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-53231"
    },
    {
      "name": "CVE-2025-40247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40247"
    },
    {
      "name": "CVE-2025-40215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40215"
    },
    {
      "name": "CVE-2025-40217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40217"
    },
    {
      "name": "CVE-2025-40248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40248"
    },
    {
      "name": "CVE-2025-40259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40259"
    },
    {
      "name": "CVE-2025-40253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40253"
    },
    {
      "name": "CVE-2025-12819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12819"
    },
    {
      "name": "CVE-2025-40258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40258"
    },
    {
      "name": "CVE-2025-34297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-34297"
    },
    {
      "name": "CVE-2025-40262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40262"
    },
    {
      "name": "CVE-2025-40261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40261"
    },
    {
      "name": "CVE-2025-40244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40244"
    },
    {
      "name": "CVE-2025-40223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40223"
    },
    {
      "name": "CVE-2025-61729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
    }
  ],
  "initial_release_date": "2025-12-08T00:00:00",
  "last_revision_date": "2025-12-08T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1078",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-12-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40254",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40254"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40257",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40257"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40245",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40245"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40258",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40258"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-50304",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-50304"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40219",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40219"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40233",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40233"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40244",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40244"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-53209",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-53209"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61729",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61729"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40262",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40262"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40253",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40253"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40223",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40223"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40217",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40217"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-6485",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-6485"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40252",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40252"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40250",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40250"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40261",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40261"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40215",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40215"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40264",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40264"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40263",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40263"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12084",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12084"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12385",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12385"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12819",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12819"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61727",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61727"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40242",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40242"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40259",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40259"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-50303",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-50303"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40243",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40243"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40251",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40251"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40247",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40247"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40220",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40220"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66476",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66476"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40240",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40240"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40248",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40248"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13836",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13836"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66293",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66293"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-53231",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-53231"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40218",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40218"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13837",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13837"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40266",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40266"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-34297",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-34297"
    }
  ]
}

CERTFR-2026-AVI-0068

Vulnerability from certfr_avis - Published: 2026-01-21 - Updated: 2026-01-21

De multiples vulnérabilités ont été découvertes dans Oracle Database Server. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Oracle	Database Server	Oracle Database Server (SQLcl) versions 23.4.0 à 23.26.0
Oracle	Database Server	Oracle Database Server (Fleet Patching and Provisioning) versions 23.4.0 à 23.26.0
Oracle	Database Server	Oracle Database Server (GraalVM Multilingual Engine) versions 21.3 à 21.20 et 23.4.0 à 23.26.0
Oracle	Database Server	Oracle Database Server (RDBMS) versions 21.3 à 21.20 et 23.4.0 à 23.26.0
Oracle	Database Server	Oracle Database Server (Oracle Spatial and Graph) versions 23.4.0 à 23.26.0
Oracle	Database Server	Oracle Database Server (Java VM) versions 19.3 à 19.29 et 21.3 à 21.20
Oracle	Database Server	Oracle Graal Development Kit for Micronaut versions 19.3 à 19.29 et 23.4.0 à 23.26.0

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle Database Server cpujan2026

2026-01-20

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle Database Server (SQLcl) versions 23.4.0 \u00e0 23.26.0",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database Server (Fleet Patching and Provisioning) versions 23.4.0 \u00e0 23.26.0",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database Server (GraalVM Multilingual Engine) versions 21.3 \u00e0 21.20 et 23.4.0 \u00e0 23.26.0",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database Server (RDBMS) versions 21.3 \u00e0 21.20 et 23.4.0 \u00e0 23.26.0",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database Server (Oracle Spatial and Graph) versions 23.4.0 \u00e0 23.26.0",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database Server (Java VM) versions 19.3 \u00e0 19.29 et 21.3 \u00e0 21.20",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Graal Development Kit for Micronaut versions 19.3 \u00e0 19.29 et  23.4.0 \u00e0 23.26.0",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-6069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
    },
    {
      "name": "CVE-2026-21975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21975"
    },
    {
      "name": "CVE-2025-6075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
    },
    {
      "name": "CVE-2025-13837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13837"
    },
    {
      "name": "CVE-2025-54874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54874"
    },
    {
      "name": "CVE-2025-8291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
    },
    {
      "name": "CVE-2026-21939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21939"
    },
    {
      "name": "CVE-2025-8194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
    },
    {
      "name": "CVE-2025-12383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12383"
    },
    {
      "name": "CVE-2025-13836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
    },
    {
      "name": "CVE-2025-67735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
    },
    {
      "name": "CVE-2025-8869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8869"
    },
    {
      "name": "CVE-2025-61755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61755"
    }
  ],
  "initial_release_date": "2026-01-21T00:00:00",
  "last_revision_date": "2026-01-21T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0068",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-01-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Database Server. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database Server",
  "vendor_advisories": [
    {
      "published_at": "2026-01-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle Database Server cpujan2026",
      "url": "https://www.oracle.com/security-alerts/cpujan2026.html"
    }
  ]
}

CERTFR-2025-AVI-1060

Vulnerability from certfr_avis - Published: 2025-12-03 - Updated: 2025-12-03

De multiples vulnérabilités ont été découvertes dans Python. Elles permettent à un attaquant de provoquer un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Python	CPython	Python sans les derniers correctifs de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Python 2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C	2025-12-01	vendor-advisory
Bulletin de sécurité Python OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO	2025-12-01	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Python sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "CPython",
        "vendor": {
          "name": "Python",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-13837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13837"
    },
    {
      "name": "CVE-2025-13836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
    }
  ],
  "initial_release_date": "2025-12-03T00:00:00",
  "last_revision_date": "2025-12-03T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1060",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-12-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Python. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Python",
  "vendor_advisories": [
    {
      "published_at": "2025-12-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Python 2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C",
      "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/"
    },
    {
      "published_at": "2025-12-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Python OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO",
      "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO/"
    }
  ]
}

CERTFR-2025-AVI-1078

Vulnerability from certfr_avis - Published: 2025-12-08 - Updated: 2025-12-08

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	cbl2 msft-golang 1.24.9-1
Microsoft	N/A	cbl2 golang 1.22.7-5
Microsoft	N/A	azl3 golang 1.23.12-1
Microsoft	N/A	cbl2 python3 3.9.19-16
Microsoft	N/A	cbl2 python-tensorboard 2.11.0-3
Microsoft	N/A	cbl2 qt5-qtbase 5.12.11-18
Microsoft	N/A	cbl2 reaper 3.1.1-21
Microsoft	N/A	cbl2 python3 3.9.19-17
Microsoft	N/A	azl3 python-tensorboard 2.16.2-6
Microsoft	N/A	azl3 kernel 6.6.112.1-2
Microsoft	N/A	cbl2 vim 9.1.1616-1
Microsoft	N/A	cbl2 kernel 5.15.186.1-1
Microsoft	N/A	azl3 tensorflow 2.16.1-9
Microsoft	N/A	cbl2 gcc 11.2.0-8
Microsoft	N/A	azl3 vim 9.1.1616-1
Microsoft	N/A	azl3 golang 1.25.3-1
Microsoft	N/A	azl3 pgbouncer 1.24.1-1
Microsoft	N/A	cbl2 tensorflow 2.11.1-2
Microsoft	N/A	azl3 libpng 1.6.40-1 versions antérieures à 1.6.52-1
Microsoft	N/A	azl3 gcc 13.2.0-7
Microsoft	N/A	azl3 python3 3.12.9-5
Microsoft	N/A	cbl2 golang 1.18.8-10
Microsoft	N/A	cbl2 reaper 3.1.1-19

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2025-40254	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40257	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40245	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40258	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-50304	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40219	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40233	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40244	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2023-53209	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61729	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40262	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40253	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40223	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40217	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-6485	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40252	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40250	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40261	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40215	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40264	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40263	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-12084	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-12385	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-12819	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61727	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40242	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40259	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-50303	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40243	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40251	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40247	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40220	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-66476	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40240	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40248	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-13836	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-66293	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2023-53231	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40218	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-13837	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40266	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-34297	2025-12-05	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "cbl2 msft-golang 1.24.9-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 golang 1.22.7-5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 golang 1.23.12-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 python3 3.9.19-16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 python-tensorboard 2.11.0-3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 qt5-qtbase 5.12.11-18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 reaper 3.1.1-21",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 python3 3.9.19-17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 python-tensorboard 2.16.2-6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 kernel 6.6.112.1-2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 vim 9.1.1616-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 kernel 5.15.186.1-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 tensorflow 2.16.1-9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 gcc 11.2.0-8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 vim 9.1.1616-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 golang 1.25.3-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 pgbouncer 1.24.1-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 tensorflow 2.11.1-2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 libpng 1.6.40-1 versions ant\u00e9rieures \u00e0 1.6.52-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 gcc 13.2.0-7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 python3 3.12.9-5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 golang 1.18.8-10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 reaper 3.1.1-19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-40254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40254"
    },
    {
      "name": "CVE-2025-40219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40219"
    },
    {
      "name": "CVE-2025-40240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40240"
    },
    {
      "name": "CVE-2025-12084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
    },
    {
      "name": "CVE-2023-53209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-53209"
    },
    {
      "name": "CVE-2025-40251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40251"
    },
    {
      "name": "CVE-2025-13837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13837"
    },
    {
      "name": "CVE-2022-50304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-50304"
    },
    {
      "name": "CVE-2025-40245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40245"
    },
    {
      "name": "CVE-2025-40233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40233"
    },
    {
      "name": "CVE-2025-40242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40242"
    },
    {
      "name": "CVE-2025-61727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
    },
    {
      "name": "CVE-2025-40252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40252"
    },
    {
      "name": "CVE-2025-40218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40218"
    },
    {
      "name": "CVE-2025-40220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40220"
    },
    {
      "name": "CVE-2025-40257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40257"
    },
    {
      "name": "CVE-2025-40263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40263"
    },
    {
      "name": "CVE-2025-13836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
    },
    {
      "name": "CVE-2025-66293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
    },
    {
      "name": "CVE-2025-40250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40250"
    },
    {
      "name": "CVE-2025-40264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40264"
    },
    {
      "name": "CVE-2025-66476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66476"
    },
    {
      "name": "CVE-2022-50303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-50303"
    },
    {
      "name": "CVE-2025-40243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40243"
    },
    {
      "name": "CVE-2025-40266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40266"
    },
    {
      "name": "CVE-2024-6485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
    },
    {
      "name": "CVE-2025-12385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12385"
    },
    {
      "name": "CVE-2023-53231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-53231"
    },
    {
      "name": "CVE-2025-40247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40247"
    },
    {
      "name": "CVE-2025-40215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40215"
    },
    {
      "name": "CVE-2025-40217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40217"
    },
    {
      "name": "CVE-2025-40248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40248"
    },
    {
      "name": "CVE-2025-40259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40259"
    },
    {
      "name": "CVE-2025-40253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40253"
    },
    {
      "name": "CVE-2025-12819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12819"
    },
    {
      "name": "CVE-2025-40258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40258"
    },
    {
      "name": "CVE-2025-34297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-34297"
    },
    {
      "name": "CVE-2025-40262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40262"
    },
    {
      "name": "CVE-2025-40261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40261"
    },
    {
      "name": "CVE-2025-40244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40244"
    },
    {
      "name": "CVE-2025-40223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40223"
    },
    {
      "name": "CVE-2025-61729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
    }
  ],
  "initial_release_date": "2025-12-08T00:00:00",
  "last_revision_date": "2025-12-08T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1078",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-12-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40254",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40254"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40257",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40257"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40245",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40245"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40258",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40258"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-50304",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-50304"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40219",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40219"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40233",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40233"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40244",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40244"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-53209",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-53209"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61729",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61729"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40262",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40262"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40253",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40253"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40223",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40223"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40217",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40217"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-6485",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-6485"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40252",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40252"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40250",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40250"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40261",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40261"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40215",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40215"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40264",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40264"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40263",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40263"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12084",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12084"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12385",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12385"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12819",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12819"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61727",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61727"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40242",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40242"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40259",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40259"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-50303",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-50303"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40243",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40243"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40251",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40251"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40247",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40247"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40220",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40220"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66476",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66476"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40240",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40240"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40248",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40248"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13836",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13836"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66293",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66293"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-53231",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-53231"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40218",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40218"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13837",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13837"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40266",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40266"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-34297",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-34297"
    }
  ]
}

alsa-2026:10950

Vulnerability from osv_almalinux

Published

2026-04-27 00:00

Modified

2026-04-28 13:40

Summary

Important: python3.12 security update

Details

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)
python: Quadratic complexity in os.path.expandvars() with user-controlled template (CVE-2025-6075)
cpython: Out-of-memory when loading Plist (CVE-2025-13837)
cpython: Header injection via newlines in data URL mediatype in Python (CVE-2025-15282)
cpython: Header injection in http.cookies.Morsel in Python (CVE-2026-0672)
cpython: CPython: Logging Bypass in Legacy .pyc File Handling (CVE-2026-2297)
cpython: Incomplete control character validation in http.cookies (CVE-2026-3644)
cpython: Stack overflow parsing XML with deeply nested DTD content models (CVE-2026-4224)
python: Python: HTTP header injection via CR/LF in proxy tunnel headers (CVE-2026-1502)
python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100)
python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2026:10950	ADVISORY
	https://access.redhat.com/security/cve/CVE-2025-13837	REPORT
	https://access.redhat.com/security/cve/CVE-2025-15282	REPORT
	https://access.redhat.com/security/cve/CVE-2025-59375	REPORT
	https://access.redhat.com/security/cve/CVE-2025-6075	REPORT
	https://access.redhat.com/security/cve/CVE-2026-0672	REPORT
	https://access.redhat.com/security/cve/CVE-2026-1502	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2297	REPORT
	https://access.redhat.com/security/cve/CVE-2026-3644	REPORT
	https://access.redhat.com/security/cve/CVE-2026-4224	REPORT
	https://access.redhat.com/security/cve/CVE-2026-4786	REPORT
	https://access.redhat.com/security/cve/CVE-2026-6100	REPORT
	https://bugzilla.redhat.com/2395108	REPORT
	https://bugzilla.redhat.com/2408891	REPORT
	https://bugzilla.redhat.com/2418084	REPORT
	https://bugzilla.redhat.com/2431366	REPORT
	https://bugzilla.redhat.com/2431374	REPORT
	https://bugzilla.redhat.com/2444691	REPORT
	https://bugzilla.redhat.com/2448168	REPORT
	https://bugzilla.redhat.com/2448181	REPORT
	https://bugzilla.redhat.com/2457409	REPORT
	https://bugzilla.redhat.com/2457932	REPORT
	https://bugzilla.redhat.com/2458049	REPORT
	https://errata.almalinux.org/8/ALSA-2026-10950.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3.12"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.12.13-2.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3.12-debug"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.12.13-2.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3.12-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.12.13-2.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3.12-idle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.12.13-2.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3.12-libs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.12.13-2.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3.12-rpm-macros"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.12.13-2.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3.12-test"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.12.13-2.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3.12-tkinter"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.12.13-2.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.  \n\nSecurity Fix(es):  \n\n  * expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)\n  * python: Quadratic complexity in os.path.expandvars() with user-controlled template (CVE-2025-6075)\n  * cpython: Out-of-memory when loading Plist (CVE-2025-13837)\n  * cpython: Header injection via newlines in data URL mediatype in Python (CVE-2025-15282)\n  * cpython: Header injection in http.cookies.Morsel in Python (CVE-2026-0672)\n  * cpython: CPython: Logging Bypass in Legacy .pyc File Handling (CVE-2026-2297)\n  * cpython: Incomplete control character validation in http.cookies (CVE-2026-3644)\n  * cpython: Stack overflow parsing XML with deeply nested DTD content models (CVE-2026-4224)\n  * python: Python: HTTP header injection via CR/LF in proxy tunnel headers (CVE-2026-1502)\n  * python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100)\n  * python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2026:10950",
  "modified": "2026-04-28T13:40:19Z",
  "published": "2026-04-27T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:10950"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-13837"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-15282"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-59375"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-6075"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-0672"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-1502"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2297"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-3644"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-4224"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-4786"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6100"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395108"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2408891"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2418084"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2431366"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2431374"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2444691"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448168"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448181"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2457409"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2457932"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2458049"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2026-10950.html"
    }
  ],
  "related": [
    "CVE-2025-59375",
    "CVE-2025-6075",
    "CVE-2025-13837",
    "CVE-2025-15282",
    "CVE-2026-0672",
    "CVE-2026-2297",
    "CVE-2026-3644",
    "CVE-2026-4224",
    "CVE-2026-1502",
    "CVE-2026-6100",
    "CVE-2026-4786"
  ],
  "summary": "Important: python3.12 security update"
}

alsa-2026:19064

Vulnerability from osv_almalinux

Published

2026-05-19 00:00

Modified

2026-05-26 12:31

Summary

Important: python3.12 security update

Details

Security Fix(es):

expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)
python: Quadratic complexity in os.path.expandvars() with user-controlled template (CVE-2025-6075)
cpython: Out-of-memory when loading Plist (CVE-2025-13837)
cpython: Header injection via newlines in data URL mediatype in Python (CVE-2025-15282)
cpython: Header injection in http.cookies.Morsel in Python (CVE-2026-0672)
cpython: CPython: Logging Bypass in Legacy .pyc File Handling (CVE-2026-2297)
cpython: Incomplete control character validation in http.cookies (CVE-2026-3644)
cpython: Stack overflow parsing XML with deeply nested DTD content models (CVE-2026-4224)
python: Python: Command-line option injection in webbrowser.open() via crafted URLs (CVE-2026-4519)
python: Python: HTTP header injection via CR/LF in proxy tunnel headers (CVE-2026-1502)
python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100)
python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2026:19064	ADVISORY
	https://access.redhat.com/security/cve/CVE-2025-13837	REPORT
	https://access.redhat.com/security/cve/CVE-2025-15282	REPORT
	https://access.redhat.com/security/cve/CVE-2025-59375	REPORT
	https://access.redhat.com/security/cve/CVE-2025-6075	REPORT
	https://access.redhat.com/security/cve/CVE-2026-0672	REPORT
	https://access.redhat.com/security/cve/CVE-2026-1502	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2297	REPORT
	https://access.redhat.com/security/cve/CVE-2026-3644	REPORT
	https://access.redhat.com/security/cve/CVE-2026-4224	REPORT
	https://access.redhat.com/security/cve/CVE-2026-4519	REPORT
	https://access.redhat.com/security/cve/CVE-2026-4786	REPORT
	https://access.redhat.com/security/cve/CVE-2026-6100	REPORT
	https://bugzilla.redhat.com/2395108	REPORT
	https://bugzilla.redhat.com/2408891	REPORT
	https://bugzilla.redhat.com/2418084	REPORT
	https://bugzilla.redhat.com/2431366	REPORT
	https://bugzilla.redhat.com/2431374	REPORT
	https://bugzilla.redhat.com/2444691	REPORT
	https://bugzilla.redhat.com/2448168	REPORT
	https://bugzilla.redhat.com/2448181	REPORT
	https://bugzilla.redhat.com/2449649	REPORT
	https://bugzilla.redhat.com/2457409	REPORT
	https://bugzilla.redhat.com/2457932	REPORT
	https://bugzilla.redhat.com/2458049	REPORT
	https://errata.almalinux.org/10/ALSA-2026-19064.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "python-unversioned-command"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.12.13-2.el10_2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "python3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.12.13-2.el10_2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "python3-debug"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.12.13-2.el10_2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "python3-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.12.13-2.el10_2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "python3-idle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.12.13-2.el10_2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "python3-libs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.12.13-2.el10_2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "python3-test"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.12.13-2.el10_2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "python3-tkinter"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.12.13-2.el10_2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.  \n\nSecurity Fix(es):  \n\n  * expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)\n  * python: Quadratic complexity in os.path.expandvars() with user-controlled template (CVE-2025-6075)\n  * cpython: Out-of-memory when loading Plist (CVE-2025-13837)\n  * cpython: Header injection via newlines in data URL mediatype in Python (CVE-2025-15282)\n  * cpython: Header injection in http.cookies.Morsel in Python (CVE-2026-0672)\n  * cpython: CPython: Logging Bypass in Legacy .pyc File Handling (CVE-2026-2297)\n  * cpython: Incomplete control character validation in http.cookies (CVE-2026-3644)\n  * cpython: Stack overflow parsing XML with deeply nested DTD content models (CVE-2026-4224)\n  * python: Python: Command-line option injection in webbrowser.open() via crafted URLs (CVE-2026-4519)\n  * python: Python: HTTP header injection via CR/LF in proxy tunnel headers (CVE-2026-1502)\n  * python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100)\n  * python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2026:19064",
  "modified": "2026-05-26T12:31:45Z",
  "published": "2026-05-19T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:19064"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-13837"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-15282"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-59375"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-6075"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-0672"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-1502"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2297"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-3644"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-4224"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-4519"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-4786"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6100"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395108"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2408891"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2418084"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2431366"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2431374"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2444691"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448168"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448181"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2449649"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2457409"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2457932"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2458049"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/10/ALSA-2026-19064.html"
    }
  ],
  "related": [
    "CVE-2025-59375",
    "CVE-2025-6075",
    "CVE-2025-13837",
    "CVE-2025-15282",
    "CVE-2026-0672",
    "CVE-2026-2297",
    "CVE-2026-3644",
    "CVE-2026-4224",
    "CVE-2026-4519",
    "CVE-2026-1502",
    "CVE-2026-6100",
    "CVE-2026-4786"
  ],
  "summary": "Important: python3.12 security update"
}

alsa-2026:19177

Vulnerability from osv_almalinux

Published

2026-05-19 00:00

Modified

2026-05-26 12:32

Summary

Important: python3.12 security update

Details

Security Fix(es):

expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)
python: Quadratic complexity in os.path.expandvars() with user-controlled template (CVE-2025-6075)
cpython: Out-of-memory when loading Plist (CVE-2025-13837)
cpython: Header injection via newlines in data URL mediatype in Python (CVE-2025-15282)
cpython: Header injection in http.cookies.Morsel in Python (CVE-2026-0672)
cpython: CPython: Logging Bypass in Legacy .pyc File Handling (CVE-2026-2297)
cpython: Incomplete control character validation in http.cookies (CVE-2026-3644)
cpython: Stack overflow parsing XML with deeply nested DTD content models (CVE-2026-4224)
python: Python: Command-line option injection in webbrowser.open() via crafted URLs (CVE-2026-4519)
python: Python: HTTP header injection via CR/LF in proxy tunnel headers (CVE-2026-1502)
python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100)
python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2026:19177	ADVISORY
	https://access.redhat.com/security/cve/CVE-2025-13837	REPORT
	https://access.redhat.com/security/cve/CVE-2025-15282	REPORT
	https://access.redhat.com/security/cve/CVE-2025-59375	REPORT
	https://access.redhat.com/security/cve/CVE-2025-6075	REPORT
	https://access.redhat.com/security/cve/CVE-2026-0672	REPORT
	https://access.redhat.com/security/cve/CVE-2026-1502	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2297	REPORT
	https://access.redhat.com/security/cve/CVE-2026-3644	REPORT
	https://access.redhat.com/security/cve/CVE-2026-4224	REPORT
	https://access.redhat.com/security/cve/CVE-2026-4519	REPORT
	https://access.redhat.com/security/cve/CVE-2026-4786	REPORT
	https://access.redhat.com/security/cve/CVE-2026-6100	REPORT
	https://bugzilla.redhat.com/2395108	REPORT
	https://bugzilla.redhat.com/2408891	REPORT
	https://bugzilla.redhat.com/2418084	REPORT
	https://bugzilla.redhat.com/2431366	REPORT
	https://bugzilla.redhat.com/2431374	REPORT
	https://bugzilla.redhat.com/2444691	REPORT
	https://bugzilla.redhat.com/2448168	REPORT
	https://bugzilla.redhat.com/2448181	REPORT
	https://bugzilla.redhat.com/2449649	REPORT
	https://bugzilla.redhat.com/2457409	REPORT
	https://bugzilla.redhat.com/2457932	REPORT
	https://bugzilla.redhat.com/2458049	REPORT
	https://errata.almalinux.org/9/ALSA-2026-19177.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "python3.12"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.12.13-2.el9_8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "python3.12-debug"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.12.13-2.el9_8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "python3.12-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.12.13-2.el9_8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "python3.12-idle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.12.13-2.el9_8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "python3.12-libs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.12.13-2.el9_8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "python3.12-test"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.12.13-2.el9_8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "python3.12-tkinter"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.12.13-2.el9_8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.  \n\nSecurity Fix(es):  \n\n  * expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)\n  * python: Quadratic complexity in os.path.expandvars() with user-controlled template (CVE-2025-6075)\n  * cpython: Out-of-memory when loading Plist (CVE-2025-13837)\n  * cpython: Header injection via newlines in data URL mediatype in Python (CVE-2025-15282)\n  * cpython: Header injection in http.cookies.Morsel in Python (CVE-2026-0672)\n  * cpython: CPython: Logging Bypass in Legacy .pyc File Handling (CVE-2026-2297)\n  * cpython: Incomplete control character validation in http.cookies (CVE-2026-3644)\n  * cpython: Stack overflow parsing XML with deeply nested DTD content models (CVE-2026-4224)\n  * python: Python: Command-line option injection in webbrowser.open() via crafted URLs (CVE-2026-4519)\n  * python: Python: HTTP header injection via CR/LF in proxy tunnel headers (CVE-2026-1502)\n  * python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100)\n  * python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2026:19177",
  "modified": "2026-05-26T12:32:35Z",
  "published": "2026-05-19T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:19177"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-13837"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-15282"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-59375"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-6075"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-0672"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-1502"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2297"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-3644"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-4224"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-4519"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-4786"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6100"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2395108"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2408891"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2418084"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2431366"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2431374"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2444691"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448168"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448181"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2449649"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2457409"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2457932"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2458049"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2026-19177.html"
    }
  ],
  "related": [
    "CVE-2025-59375",
    "CVE-2025-6075",
    "CVE-2025-13837",
    "CVE-2025-15282",
    "CVE-2026-0672",
    "CVE-2026-2297",
    "CVE-2026-3644",
    "CVE-2026-4224",
    "CVE-2026-4519",
    "CVE-2026-1502",
    "CVE-2026-6100",
    "CVE-2026-4786"
  ],
  "summary": "Important: python3.12 security update"
}

bit-libpython-2025-13837

Vulnerability from bitnami_vulndb

Published

2025-12-05 11:07

Modified

2026-03-04 14:21

Summary

Out-of-memory when loading Plist

Details

When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "libpython",
        "purl": "pkg:bitnami/libpython"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.13.10"
            },
            {
              "introduced": "3.14.0"
            },
            {
              "fixed": "3.14.1"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "type": "CVSS_V4"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-13837"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"
    ],
    "severity": "Low"
  },
  "details": "When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues",
  "id": "BIT-libpython-2025-13837",
  "modified": "2026-03-04T14:21:20.421Z",
  "published": "2025-12-05T11:07:43.325Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/issues/119342"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/pull/119343"
    },
    {
      "type": "WEB",
      "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13837"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111"
    }
  ],
  "schema_version": "1.6.2",
  "summary": "Out-of-memory when loading Plist"
}

bit-python-2025-13837

Vulnerability from bitnami_vulndb

Published

2025-12-05 11:13

Modified

2026-03-04 14:21

Summary

Out-of-memory when loading Plist

Details

When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "python",
        "purl": "pkg:bitnami/python"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.13.10"
            },
            {
              "introduced": "3.14.0"
            },
            {
              "fixed": "3.14.1"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "type": "CVSS_V4"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-13837"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"
    ],
    "severity": "Low"
  },
  "details": "When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues",
  "id": "BIT-python-2025-13837",
  "modified": "2026-03-04T14:21:20.421Z",
  "published": "2025-12-05T11:13:08.742Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/issues/119342"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/pull/119343"
    },
    {
      "type": "WEB",
      "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13837"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111"
    }
  ],
  "schema_version": "1.6.2",
  "summary": "Out-of-memory when loading Plist"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-13837 (GCVE-0-2025-13837)

Solutions

Solutions

Solutions

Solutions

Solutions

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from bitnami_vulndb

Vulnerability from bitnami_vulndb

Tags

Sightings

Nomenclature