Search CVE reports
91 – 96 of 96 results
Some fixes available 8 of 9
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
6 affected packages
python2.6, python2.7, python3.1, python3.2, python3.3, python3.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.6 | — | — | — | — |
| python2.7 | — | — | — | — |
| python3.1 | — | — | — | — |
| python3.2 | — | — | — | — |
| python3.3 | — | — | — | — |
| python3.4 | — | — | — | — |
The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.
3 affected packages
python2.7, python3.2, python3.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.7 | — | — | — | — |
| python3.2 | — | — | — | — |
| python3.4 | — | — | — | — |
Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3)...
6 affected packages
python2.6, python2.7, python3.1, python3.2, python3.3, python3.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.6 | — | — | — | — |
| python2.7 | — | — | — | — |
| python3.1 | — | — | — | — |
| python3.2 | — | — | — | — |
| python3.3 | — | — | — | — |
| python3.4 | — | — | — | — |
The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.
3 affected packages
python2.7, python3.2, python3.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.7 | — | — | — | — |
| python3.2 | — | — | — | — |
| python3.4 | — | — | — | — |
Some fixes available 4 of 8
Rejected reason: Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service (memory consumption) via a long string, related to (1) httplib - fixed in 2.7.4,...
3 affected packages
python2.7, python3.2, python3.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.7 | — | — | — | — |
| python3.2 | — | — | — | — |
| python3.4 | — | — | — | — |
Some fixes available 2 of 28
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR...
16 affected packages
python2.3, python2.4, python2.5, python2.6, python3.0...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.3 | — | — | — | — |
| python2.4 | — | — | — | — |
| python2.5 | — | — | — | — |
| python2.6 | — | — | — | — |
| python3.0 | — | — | — | — |
| python3.1 | — | — | — | — |
| python2.7 | — | Ignored | Not in release | Ignored |
| python3.4 | — | Not in release | Not in release | Not in release |
| python3.5 | — | Not in release | Not in release | Not in release |
| python3.6 | — | Not in release | Not in release | Ignored |
| python3.7 | — | Not in release | Not in release | Ignored |
| python3.8 | — | Not in release | Ignored | Ignored |
| python3.9 | — | Not in release | Not in release | Not in release |
| python3.10 | — | Fixed | Not in release | Not in release |
| python3.11 | — | Ignored | Not in release | Not in release |
| python3.12 | — | Not in release | Not in release | Not in release |