Debian Python2.7 vulnerabilities

CVE-2018-1000030 [LOW] CVE-2018-1000030: python2.7 - Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-Afte... Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially

CVE-2017-1000158 [CRITICAL] CVE-2017-1000158: python2.7 - CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the Py... CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) Scope: local bullseye: resolved (fixed in 2.7.13-4)

CVE-2017-17522 [HIGH] CVE-2017-17522: jython - Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launc... Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default she

CVE-2016-5636 [CRITICAL] CVE-2016-5636: python2.7 - Integer overflow in the get_data function in zipimport.c in CPython (aka Python)... Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow. Scope: local bullseye: resolved (fixed in 2.7.12~rc1-1)

CVE-2016-5699 [MEDIUM] CVE-2016-5699: python2.7 - CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2... CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL. Scope: local bullseye: resolved (fixed in 2.7.10~rc1-1)

CVE-2016-0772 [MEDIUM] CVE-2016-0772: python2.7 - The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and... The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." Scope: lo

CVE-2016-1000110 [MEDIUM] CVE-2016-1000110: python2.7 - The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_P... The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests. Scope: local bullseye: resolved (fixed in 2.7.12-2)

CVE-2015-20107 [HIGH] CVE-2015-20107: pypy3 - In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape cha... In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9

CVE-2014-4616 [MEDIUM] CVE-2014-4616: python2.7 - Array index error in the scanstring function in the _json module in Python 2.7 t... Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function. Scope: local bullseye: resolved (fixed in 2.7.7-1)

CVE-2014-9365 [MEDIUM] CVE-2014-9365: python2.7 - The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib ... The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.50

CVE-2014-7185 [MEDIUM] CVE-2014-7185: python2.7 - Integer overflow in bufferobject.c in Python before 2.7.8 allows context-depende... Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. Scope: local bullseye: resolved (fixed in 2.7.8-1)

CVE-2014-2667 [LOW] CVE-2014-2667: python2.7 - Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 throu... Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value. Scope: local bullseye: resolved

CVE-2014-4650 [CRITICAL] CVE-2014-4650: python2.7 - The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs... The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator. Scope: local bullseye: resolved (fixed

CVE-2014-1912 [HIGH] CVE-2014-1912: python2.7 - Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c i... Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. Scope: local bullseye: resolved (fixed in 2.7.6-6)

CVE-2013-7440 [MEDIUM] CVE-2013-7440: python2.7 - The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x bef... The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate. Scope: local bullseye: resolved (fixed in 2.7.9-1)

CVE-2013-4238 [MEDIUM] CVE-2013-4238: python2.7 - The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does... The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE

CVE-2013-7338 [HIGH] CVE-2013-7338: python2.7 - Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (in... Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function. Scope: local bullseye: resolved

CVE-2013-7040 [MEDIUM] CVE-2013-7040: python2.7 - Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize h... Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

CVE-2013-1753 [HIGH] CVE-2013-1753: python2.7 - The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier ... The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request. Scope: local bullseye: resolved (fixed in 2.7.9-1)

CVE-2013-2099 [MEDIUM] CVE-2013-2099: bzr - Algorithmic complexity vulnerability in the ssl.match_hostname function in Pytho... Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate. Scope: local bookworm: