CVE-2025-22153 try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython interpreter

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using try/except, RestrictedPython starting...

BIT-PYTHON-MIN-2024-6923 Email header injection due to unquoted newlines

There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized...

BIT-PYTHON-MIN-2024-7592 Quadratic complexity parsing cookies with backslashes

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...

BIT-PYTHON-MIN-2024-9287 Virtual environment (venv) activation scripts don't quote paths

A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts ie "source venv/bin/activate". This means that...

Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2024-757)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-757 advisory. There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted...

PT-2024-39544

Name of the Vulnerable Software and Affected Versions CPython versions prior to 3.13.0 Description A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into...

PT-2024-7268

Name of the Vulnerable Software and Affected Versions: CPython versions prior to 3.13.0 Description: The issue is related to the 'http.cookies' standard library module in CPython. When parsing cookies that contain backslashes for quoted characters in the cookie value, the parser uses an algorithm...

CVE-2024-3219 Pure-Python fallback of socket.socketpair() doesn’t authenticate peer connection

The “socket” module provides a pure-Python fallback to the socket.socketpair function for platforms that don’t support AFUNIX, such as Windows. This pure-Python implementation uses AFINET or AFINET6 to create a local connected pair of sockets. The connection between the two sockets was not verifi...

PT-2024-24457 · Python +1 · Cpython +1

Name of the Vulnerable Software and Affected Versions: CPython versions 3.5 through latest Description: The issue arises from the "socket" module's pure-Python fallback for the socket.socketpair function on platforms that don't support AF UNIX, such as Windows. This implementation uses AF INET or...

cpython-json (>=0.1.0 <=0.3.0), crowbar (>=0.1.0 <=0.2.0) +33 more potentially affected by unknown CVE via cpython (>=0.1.0 <=0.7.2)

cpython CARGO version =0.1.0, =0.1.0, =0.1.0, =0.1.0, =2.0.0-beta, =0.1.0, =0.0.0, =0.1.1, =0.1.0, =0.1.0, =0.1.0, =0.2.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0076...

Heap overflow

CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function asciidecode at /Objects/unicodeobject.c...

Python < 2.7.14, 3.4.x < 3.4.8, 3.5.x < 3.5.5 PyString_DecodeEscape integer overflow (bpo-30657) - Linux

CPython aka Python is prone to an integer overflow vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...

Python < 2.7.14, 3.4.x < 3.4.8, 3.5.x < 3.5.5 PyString_DecodeEscape integer overflow (bpo-30657) - Windows

CPython aka Python is prone to an integer overflow vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...

The vulnerability of the cPython programming language, related to deficiencies in HTTP request processing, allows attackers to compromise data integrity or cause service failures.

The vulnerability of the cPython programming language in Python is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to compromise data integrity or cause service failures...

CVE-2021-23336 Web Cache Poisoning

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a vector called parameter cloaking. When the attacker can...

Huawei EulerOS: Security Advisory for python (EulerOS-SA-2017-1334)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the PyString_DecodeEscape function in the Python programming language interpreter (CPython) allows a hacker to execute arbitrary code.

The vulnerability of the PyStringDecodeEscape function in the “stringobject.c” file of the Python programming language interpreter CPython is related to integer overflow, which can lead to buffer overflow. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...

CPython 'PyString_DecodeEscape' function integer overflow vulnerability

Python is a set of open-source, object-oriented programming languages from the Python Software Foundation that are extensible, support modules and packages, and support multiple platforms.CPython also known as Python is a Python interpreter implemented in C. It is used in the Python language. An...

EUVD-2016-0788

The smtplib library in CPython aka Python before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block...