RHEL 8 : python (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python: Nested zip file Zip bomb vulnerability in Lib/zipfile.py CVE-2019-9674 - Modules/pickle.c in Pyth...

Denial Of Service (DoS)

python is vulnerable to denial of service DoS. The vulnerability exists through an integer overflow in Modules/pickle.c, allowing for memory exhaustion when serializing gigabytes of data...

CVE-2018-20406

Modules/pickle.c in Python before 3.7.1 has an integer overflow via a large LONGBINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of...

Amazon Linux AMI : python34 (ALAS-2019-1202)

Python is affected by improper Handling of Unicode Encoding with an incorrect netloc during NFKC normalization. The impact is information disclosure credentials, cookies, etc. that are cached against a given hostname. The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack...

PSF-2018-6 pickle.load denial of service

Modules/pickle.c in Python before 3.7.1 has an integer overflow via a large LONGBINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of...

CVE-2018-20406

CVE-2018-20406 affects Python’s pickle handling: an integer overflow in Modules/_pickle.c when resizing with a large LONG_BINPUT can cause memory exhaustion. The issue is triggered when serializing tens-to-hundreds of gigabytes of data via pickle. Affected Python versions include older 3.x branch...

Internet Bug Bounty: Integer overflow in _pickle.c

https://bugs.python.org/issue24521...