AIX is affected by security restrictions bypass due to Python
IBM SECURITY ADVISORY First Issued: Fri Aug 18 09:49:04 CDT 2023 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/pythonadvisory5.asc Security Bulletin: AIX is affected by security restrictions bypass CVE-2023-24329 due to Python...
CVE-2023-38898
An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected, it is a bug in some 3.12 pre-releases; (2) there are no common scenarios in whi...
CVE-2023-38898
CVE-2023-38898 involves CPython’s asyncio._swap_current_task in Python 3.7 and could allow an attacker to obtain sensitive information. The vendor disputes that 3.7 (or any release) is affected and notes no common exploit scenarios; multiple OSV entries and vendor advisories corroborate the claim...
PYSEC-2023-112
The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options...
PT-2023-9652 · Python +6
Name of the Vulnerable Software and Affected Versions: Python versions 3.11 through 3.11.4. Description: The issue is related to the os.path.normpath function, which truncates a path unexpectedly at the first '\0' byte if such bytes are present in the path. This could lead to security issues, as...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Python
Summary: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Python. Vulnerability Details: CVEID: CVE-2022-45061 DESCRIPTION: Python is vulnerable to a denial of service, caused by an unnecessary quadratic algorithm that exists in one path when processing some inpu...
CVE-2023-33595
CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c...
PT-2023-24400 · Python · CPython
Name of the Vulnerable Software and Affected Versions: CPython version 3.12.0 alpha 7. Description: A heap use-after-free issue was discovered via the function ascii_decode at /Objects/unicodeobject.c. Recommendations: For CPython version 3.12.0 alpha 7, consider disabling the ascii_decode functio...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : Python vulnerability (USN-6139-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6139-1 advisory. Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could use this issue to bypass...
Fedora 37 : python3.11 (2023-63c69aa712)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-63c69aa712 advisory. Fix for CVE-2023-24329 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
AlmaLinux 8 : python27:2.7 (ALSA-2023:2860)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:2860 advisory. Python: CPU denial of service via inefficient IDNA decoder CVE-2022-45061 Tenable has extracted the preceding description block directly from the AlmaLinux securit...
python: CPU denial of service via inefficient IDNA decoder
A vulnerability was discovered in Python. A quadratic algorithm exists when processing inputs to the IDNA RFC 3490 decoder, such that a crafted unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be...
python: open redirection vulnerability in lib/http/server.py may lead to information disclosure
A vulnerability was found in python. This security flaw causes an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of the URI path. This issue may lead to information disclosure...
PT-2023-35806 · Python · Python
Name of the Vulnerable Software and Affected Versions: Python, affected versions not specified. Description: The issue is related to a heap buffer overflow error. Technical details about the error include the crash type being a Heap-buffer-overflow WRITE 1. The crash state involves several function...
PT-2023-35796 · Python · Python
Name of the Vulnerable Software and Affected Versions: Python, affected versions not specified. Description: The issue is related to a heap buffer overflow error. Technical details about the error include the crash type being a Heap-buffer-overflow WRITE 1. The crash state involves several function...
PT-2023-35789 · Python · Python
Name of the Vulnerable Software and Affected Versions: Python, affected versions not specified. Description: The issue is related to a heap-buffer-overflow read error. It occurs in the unicode_decode_utf8 function, which is called by PyUnicode_DecodeUTF8 and _PyPegen_formatted_value. Recommendations...
Python input validation error vulnerability
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. An input validation error vulnerability exists in Python versions prior to 2.7.18, and versions 3.x through 3.11,...
PT-2023-4573
Name of the Vulnerable Software and Affected Versions: Python versions 0 through 2.7.18; Python versions 3.x through 3.11.3. Description: The email module of Python incorrectly parses e-mail addresses that contain a special character, allowing attackers to bypass protection mechanisms. This can be...
Rocky Linux 9 : python3.9 (RLSA-2023:0953)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:0953 advisory. - An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder...
Security Bulletin: IBM Tivoli Application Dependency Discovery Manager is vulnerable to a bypass vulnerability due to the use of Python (CVE-2023-24329)
Summary: A publicly disclosed vulnerability in Python affects IBM Tivoli Application Dependency Discovery Manager (CVE-2023-24329). Vulnerability Details: CVEID: CVE-2023-24329 DESCRIPTION: Python could allow a remote attacker to bypass security restrictions, caused by a flaw in the urllib.parse...