CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
96.8%
Updated python and python3 packages fix security vulnerabilities: Python 2 and 3 are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used an an array index, causing the scanstring function to access process memory outside of the string it is intended to access (CVE-2014-4616). The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script’s source code or execute arbitrary scripts in the server’s document root (CVE-2014-4650).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 3 | noarch | python | < 2.7.6-1.2 | python-2.7.6-1.2.mga3 |
Mageia | 3 | noarch | python3 | < 3.3.0-4.9 | python3-3.3.0-4.9.mga3 |
Mageia | 4 | noarch | python | < 2.7.6-1.2 | python-2.7.6-1.2.mga4 |
Mageia | 4 | noarch | python3 | < 3.3.2-13.4 | python3-3.3.2-13.4.mga4 |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
96.8%