Python Software Foundation Cpython vulnerabilities

CVE-2024-7592 [HIGH] CWE-400 CVE-2024-7592: There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard li There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.

CVE-2024-6923 [MEDIUM] CWE-94 CVE-2024-6923: There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.

CVE-2024-3219 [MEDIUM] CWE-306 CVE-2024-3219: The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platfo The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection between the two sockets was not verified before passing the two sockets back to the user,

CVE-2024-5535 [CRITICAL] CWE-125 CVE-2024-5535: Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or a crash. In particular this issue could result in

CVE-2024-5642 [CRITICAL] Buffer overread when using an empty list with SSLContext.set_npn_protocols() Buffer overread when using an empty list with SSLContext.set_npn_protocols() CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely us

CVE-2024-0397 [HIGH] CWE-362 CVE-2024-0397: A defect was discovered in the Python “ssl” module where there is a memory race condition with the s A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory c

CVE-2024-4032 [HIGH] CWE-697 CVE-2024-4032: The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned i

CVE-2024-4030 [HIGH] CWE-276 CVE-2024-4030: On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restr On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions. If you’r

CVE-2023-6597 [HIGH] CVE-2023-6597: An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.1 An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files refe

CVE-2024-0450 [MEDIUM] CWE-405 CVE-2024-0450: An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.1 An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which ov

CVE-2023-6507 [MEDIUM] CWE-269 CVE-2023-6507: An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the o