Lucene search

K
redosRedosROS-20240409-02
HistoryApr 09, 2024 - 12:00 a.m.

ROS-20240409-02

2024-04-0900:00:00
redos.red-soft.ru
9
python programming language
hmac.compare_digest
plistlib module
vulnerability
xml
xxe attack
remote attacker
privilege escalation
synchronization errors
resource initialization
unix

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

48.0%

Vulnerability of the hmac.compare_digest function of the Lib/hmac.py library of the programming language interpreter
Python is related to synchronization errors when using a shared resource (β€œRace Situation”).
Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges

A vulnerability in the Python programming language interpreter is related to incorrect resource initialization.
Exploitation of the vulnerability could allow a remote intruder to disclose protected information
information

Vulnerability in the plistlib module of the Python programming language interpreter is related to incorrect restriction of XML links to external objects.
XML links to external objects. Exploitation of the vulnerability could allow an attacker acting remotely to conduct an XXE attack.
remotely to conduct XXE attacks

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64python3<=Β 3.8.18-1UNKNOWN

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

48.0%