24 matches found
EUVD-2022-51262
Malicious code in bioql PyPI...
BIT-PYTHON-MIN-2022-48566
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest...
EulerOS Virtualization 3.0.6.0 : python2 (EulerOS-SA-2024-1697)
According to the versions of the python2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A use-after-free exists in Python through 3.9 via heappushpop in heapq. (CVE-2022-48560) - An XML External Entity (XXE) issue was...
Updated python python3 packages fix security vulnerabilities
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...
EulerOS 2.0 SP8 : python2 (EulerOS-SA-2024-1290)
According to the versions of the python2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A use-after-free exists in Python through 3.9 via heappushpop in heapq. (CVE-2022-48560) - An XML External Entity (XXE) issue was discovered in...
BIT-PYTHON-2022-48566
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest...
EulerOS 2.0 SP5 : python (EulerOS-SA-2024-1160)
According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A use-after-free exists in Python through 3.9 via heappushpop in heapq. (CVE-2022-48560) - An XML External Entity (XXE) issue was discovered in Pyth...
Medium: python
Issue Overview: An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. (CVE-2022-48566) Affected Packages: python Note: This advisory is applicable to Amazon Linux 2 (AL2)...
Amazon Linux 2 : python (ALAS-2024-2400)
The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2400 advisory. An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possibl...
SUSE SLES15 / openSUSE 15 Security Update : python (SUSE-SU-2023:4220-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4220-1 advisory. - An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity...
CLSA-2023-1697556743 Fix CVE(s): CVE-2022-48566
SECURITY UPDATE: Constant-time-defeating optimisations issue - debian/patches/CVE-2022-48566.patch: Make compare_digest more constant-time - CVE-2022-48566...
CLSA-2023-1697466063 python2: Fix of CVE-2022-48566
CVE-2022-48566: Make compare_digest more constant-time...
Timing Attack
Python is vulnerable to a timing attack. The vulnerability is caused by a loophole in the hmac.compare_digest function that makes it deviate from constant-time operation. An attacker can mount a timing attack by exploiting the accumulator variable result in the hmac.compare_digest function...
SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2023:4001-1)
The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4001-1 advisory. - An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accep...
Amazon Linux 2 : python38 (ALASPYTHON3.8-2023-007)
The version of python38 installed on the remote host is prior to 3.8.15-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PYTHON3.8-2023-007 advisory. 2024-01-19: CVE-2022-48566 was added to this advisory. A flaw was found in python. In algorithms with quadratic...
Ubuntu 16.04 ESM / 18.04 ESM : Python vulnerability (USN-6400-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6400-1 advisory. It was discovered that Python did not properly provide constant-time processing for a crypto operation. An attacker could possibly use this issue to...
OESA-2023-1639 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
CVE-2022-48566
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest...
CVE-2022-48566
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest...
CVE-2022-48566
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest...