Python@3.2.2 Security Vulnerabilities and Issues — Python@3.2.2 CVE List

Lucene search

PythonPython3.2.2

9 matches found

CVE•added 2014/11/16 1:59 a.m.•494 views

CVE-2014-2667

Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the exp...

3.3CVSS7.1AI score0.00046EPSS

CVE•added 2016/09/02 2:59 p.m.•455 views

CVE-2016-5636

Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.

10CVSS8.2AI score0.66935EPSS

CVE•added 2014/12/12 11:59 a.m.•425 views

CVE-2014-9365

The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in th...

5.8CVSS7.1AI score0.02121EPSS

CVE•added 2014/05/19 2:55 p.m.•352 views

CVE-2013-7040

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption...

4.3CVSS8.2AI score0.01845EPSS

CVE•added 2014/03/01 12:55 a.m.•286 views

CVE-2014-1912

Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.

7.5CVSS8AI score0.24967EPSS

CVE•added 2016/09/02 2:59 p.m.•244 views

CVE-2016-5699

CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.

6.1CVSS6.6AI score0.10836EPSS

Web

CVE•added 2016/09/02 2:59 p.m.•206 views

CVE-2016-0772

The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block...

6.5CVSS6.5AI score0.06978EPSS

CVE•added 2013/10/09 2:53 p.m.•158 views

CVE-2013-2099

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcar...

4.3CVSS6AI score0.04209EPSS

CVE•added 2016/06/07 6:59 p.m.•70 views

CVE-2013-7440

The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.

5.9CVSS5.3AI score0.00383EPSS