├── .gitignore
├── .readthedocs.yaml
├── Makefile
├── README.rst
├── bugs.txt
├── commit_dates.txt
├── commit_tags.txt
├── conf.py
├── config.ini.template
├── cve
│   ├── CVE-2007-4965.json
│   ├── CVE-2008-1679.json
│   ├── CVE-2008-1721.json
│   ├── CVE-2008-1887.json
│   ├── CVE-2008-2315.json
│   ├── CVE-2008-2316.json
│   ├── CVE-2008-3142.json
│   ├── CVE-2008-3143.json
│   ├── CVE-2008-3144.json
│   ├── CVE-2008-4864.json
│   ├── CVE-2008-5031.json
│   ├── CVE-2009-4134.json
│   ├── CVE-2010-1449.json
│   ├── CVE-2010-1450.json
│   ├── CVE-2010-1634.json
│   ├── CVE-2010-2089.json
│   ├── CVE-2010-3492.json
│   ├── CVE-2010-3493.json
│   ├── CVE-2011-1015.json
│   ├── CVE-2011-1521.json
│   ├── CVE-2011-3389.json
│   ├── CVE-2011-4940.json
│   ├── CVE-2011-4944.json
│   ├── CVE-2012-0845.json
│   ├── CVE-2012-0876.json
│   ├── CVE-2012-1150.json
│   ├── CVE-2012-2135.json
│   ├── CVE-2013-0340.json
│   ├── CVE-2013-1752.json
│   ├── CVE-2013-1753.json
│   ├── CVE-2013-2099.json
│   ├── CVE-2013-4238.json
│   ├── CVE-2013-7040.json
│   ├── CVE-2013-7338.json
│   ├── CVE-2013-7440.json
│   ├── CVE-2014-1912.json
│   ├── CVE-2014-2667.json
│   ├── CVE-2014-4616.json
│   ├── CVE-2014-7185.json
│   ├── CVE-2014-9365.json
│   ├── CVE-2015-1283.json
│   ├── CVE-2015-20107.json
│   ├── CVE-2016-0718.json
│   ├── CVE-2016-0772.json
│   ├── CVE-2016-1000110.json
│   ├── CVE-2016-2183.json
│   ├── CVE-2016-3189.json
│   ├── CVE-2016-4472.json
│   ├── CVE-2016-5636.json
│   ├── CVE-2016-5699.json
│   ├── CVE-2016-9063.json
│   ├── CVE-2016-9840.json
│   ├── CVE-2016-9841.json
│   ├── CVE-2016-9842.json
│   ├── CVE-2016-9843.json
│   ├── CVE-2017-1000158.json
│   ├── CVE-2017-9233.json
│   ├── CVE-2018-1000030.json
│   ├── CVE-2018-1000117.json
│   ├── CVE-2018-1060.json
│   ├── CVE-2018-1061.json
│   ├── CVE-2018-14647.json
│   ├── CVE-2018-20406.json
│   ├── CVE-2018-25032.json
│   ├── CVE-2019-10160.json
│   ├── CVE-2019-12900.json
│   ├── CVE-2019-16056.json
│   ├── CVE-2019-16935.json
│   ├── CVE-2019-18348.json
│   ├── CVE-2019-20907.json
│   ├── CVE-2019-5010.json
│   ├── CVE-2019-9636.json
│   ├── CVE-2019-9740.json
│   ├── CVE-2019-9947.json
│   ├── CVE-2019-9948.json
│   ├── CVE-2020-10735.json
│   ├── CVE-2020-14422.json
│   ├── CVE-2020-15523.json
│   ├── CVE-2020-26116.json
│   ├── CVE-2020-27619.json
│   ├── CVE-2020-8315.json
│   ├── CVE-2020-8492.json
│   ├── CVE-2021-23336.json
│   ├── CVE-2021-28861.json
│   ├── CVE-2021-29921.json
│   ├── CVE-2021-3177.json
│   ├── CVE-2021-3426.json
│   ├── CVE-2021-3733.json
│   ├── CVE-2021-3737.json
│   ├── CVE-2022-0391.json
│   ├── CVE-2022-37454.json
│   ├── CVE-2022-42919.json
│   ├── CVE-2022-45061.json
│   ├── CVE-2023-24329.json
│   └── CVE-2023-27043.json
├── index.rst
├── make.bat
├── packages.rst
├── pep8.sh
├── pypi-vuln
│   ├── 2022-05-24-ctx-domain-takeover-chart.png
│   ├── index-2017-10-12-unchecked_file_deletion.rst
│   ├── index-2017-11-08-pypirc_exposure_on_github.rst
│   ├── index-2020-01-05-authentication_method_flaws.rst
│   ├── index-2020-02-22-upload_endpoint_csrf.rst
│   ├── index-2021-06-15-unintended-deployments.rst
│   ├── index-2021-07-26-legacy-document-deletion.rst
│   ├── index-2021-07-27-combine-prs-workflow.rst
│   ├── index-2021-07-27-role-deletion.rst
│   └── index-2022-05-24-ctx-domain-takeover.rst
├── python_releases.txt
├── render_doc.py
├── requirements.txt
├── security.rst
├── setup.py
├── ssl.rst
├── venv.sh
└── vulnerabilities.yaml
/.gitignore:
--------------------------------------------------------------------------------
1 | build/
2 | venv/
3 | *.py[cod]
4 | *.swp
5 | # file generated by render_doc.py
6 | vulnerabilities.rst
7 | vuln/
8 | # downloaded by render_doc.py to create the venv
9 | get-pip.py
10 | # configuration file
11 | config.ini
12 | .vscode/
--------------------------------------------------------------------------------
/.readthedocs.yaml:
--------------------------------------------------------------------------------
1 | # Read the Docs configuration file
2 | # See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
3 |
4 | version: 2
5 |
6 | build:
7 | os: ubuntu-22.04
8 | tools:
9 | python: "3.11"
10 |
11 | sphinx:
12 | configuration: conf.py
13 |
14 | # run "python setup.py" which runs render_doc.py
15 | python:
16 | install:
17 | - requirements: requirements.txt
18 | - method: setuptools
19 | path: .
20 |
--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
1 | # You can set these variables from the command line.
2 | SPHINXOPTS =
3 | SPHINXBUILD = ./venv/bin/sphinx-build
4 | SPHINXPROJ = PythonSecurity
5 | SOURCEDIR = .
6 | BUILDDIR = build
7 |
8 | .PHONY: html update clean
9 |
10 | html: vulnerabilities.rst
11 | @$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
12 |
13 | venv:
14 | ./venv.sh
15 |
16 | vulnerabilities.rst: venv render_doc.py vulnerabilities.yaml python_releases.txt
17 | ./venv/bin/python render_doc.py
18 |
19 | update: venv
20 | ./venv/bin/python render_doc.py update
21 |
22 | clean:
23 | rm -rf vulnerabilities.rst build/ venv/ vuln/
24 |
--------------------------------------------------------------------------------
/README.rst:
--------------------------------------------------------------------------------
1 | Python Security documentation: http://python-security.readthedocs.io/
2 |
3 | Input files:
4 |
5 | * ``vulnerabilities.yaml``: Python vulnerabilities since 2007, see the commented
6 | template at the end to add a new entry
7 | * ``python_releases.txt``: Python release dates 2.5.0-3.6.0
8 |
9 | Cache files:
10 |
11 | * ``commit_dates.txt``
12 | * ``commit_tags.txt``
13 |
14 | Build the doc::
15 |
16 | make
17 |
18 | After a release, get new commit tags using::
19 |
20 | make update
21 |
22 | Update needs a configuration file ``config.ini`` (see ``config.ini.template``); it holds the bugs.python.org password in plain text and is listed in ``.gitignore`` so that it is never committed::
23 |
24 | [config]
25 | bpo_username = LOGIN
26 | bpo_password = PASSWORD
27 | # Git checkout of https://github.com/python/cpython/
28 | python_srcdir = /path/to/python
29 |
30 | For a X.Y.0 release, add X.Y to ``MAINTAINED_BRANCHES`` of ``render_doc.py``.
31 |
32 | Build without Makefile::
33 |
34 | ./venv.sh
35 | ./venv/bin/python render_doc.py
36 | ./venv/bin/sphinx-build -M html . build
37 |
38 | For ReadTheDocs.org, other files are used:
39 |
40 | * ``requirements.txt``
41 | * ``setup.py``: run render_doc.py
42 |
--------------------------------------------------------------------------------
/bugs.txt:
--------------------------------------------------------------------------------
1 | bpo-11442:
2 | author: Guido van Rossum
3 | date: 2011-03-08 19:05:14
4 | title: list_directory() in SimpleHTTPServer.py should add charset=... to Content-type
5 | header
6 | bpo-11662:
7 | author: Guido van Rossum
8 | date: 2011-03-24 15:06:56
9 | title: Redirect vulnerability in urllib/urllib2
10 | bpo-1179:
11 | author: Ismail Donmez
12 | date: 2007-09-19 01:02:34
13 | title: '[CVE-2007-4965] Integer overflow in imageop module'
14 | bpo-13512:
15 | author: Vincent Danen
16 | date: 2011-11-30 23:23:22
17 | title: ~/.pypirc created insecurely
18 | bpo-13703:
19 | author: Barry A. Warsaw
20 | date: 2012-01-03 19:36:49
21 | title: Hash collision security issue
22 | bpo-13885:
23 | author: Antoine Pitrou
24 | date: 2012-01-27 08:25:52
25 | title: 'CVE-2011-3389: _ssl module always disables the CBC IV attack countermeasure'
26 | bpo-14001:
27 | author: Jan Lieskovsky
28 | date: 2012-02-13 13:45:32
29 | title: 'CVE-2012-0845 Python v2.7.2 / v3.2.2 (SimpleXMLRPCServer): DoS (excessive
30 | CPU usage) by processing malformed XMLRPC / HTTP POST request'
31 | bpo-14579:
32 | author: Serhiy Storchaka
33 | date: 2012-04-14 18:46:02
34 | title: 'CVE-2012-2135: Vulnerability in the utf-16 decoder after error handling'
35 | bpo-14621:
36 | author: Vlado Boza
37 | date: 2012-04-19 17:58:08
38 | title: Hash function is not randomized properly
39 | bpo-16038:
40 | author: Christian Heimes
41 | date: 2012-09-25 10:32:54
42 | title: 'ftplib: unlimited readline() from connection'
43 | bpo-16039:
44 | author: Christian Heimes
45 | date: 2012-09-25 10:36:09
46 | title: 'imaplib: unlimited readline() from connection'
47 | bpo-16040:
48 | author: Christian Heimes
49 | date: 2012-09-25 10:38:44
50 | title: 'nntplib: unlimited readline() from connection'
51 | bpo-16041:
52 | author: Christian Heimes
53 | date: 2012-09-25 10:39:22
54 | title: 'poplib: unlimited readline() from connection'
55 | bpo-16042:
56 | author: Christian Heimes
57 | date: 2012-09-25 10:40:09
58 | title: 'smtplib: unlimited readline() from connection'
59 | bpo-16043:
60 | author: Christian Heimes
61 | date: 2012-09-25 10:52:06
62 | title: 'xmlrpc: gzip_decode has unlimited read()'
63 | bpo-17980:
64 | author: Florian Weimer
65 | date: 2013-05-15 10:25:06
66 | title: "CVE-2013-2099 ssl.match_hostname() trips over crafted\twildcard names"
67 | bpo-17997:
68 | author: Christian Heimes
69 | date: 2013-05-17 14:04:53
70 | title: 'ssl.match_hostname(): sub string wildcard should not match IDNA prefix'
71 | bpo-18709:
72 | author: Christian Heimes
73 | date: 2013-08-12 11:32:51
74 | title: SSL module fails to handle NULL bytes inside subjectAltNames general names
75 | (CVE-2013-4238)
76 | bpo-19435:
77 | author: Alexander Kruppa
78 | date: 2013-10-29 16:34:01
79 | title: Directory traversal attack for CGIHTTPRequestHandler
80 | bpo-20078:
81 | author: Nandiya
82 | date: 2013-12-27 02:11:15
83 | title: zipfile - ZipExtFile.read goes into 100% CPU infinite loop on maliciously
84 | binary edited zips
85 | bpo-20246:
86 | author: Ryan Smith-Roberts
87 | date: 2014-01-14 00:43:59
88 | title: buffer overflow in socket.recvfrom_into
89 | bpo-21082:
90 | author: Ryan Lortie
91 | date: 2014-03-28 07:04:05
92 | title: 'os.makedirs(exist_ok=True) is not thread-safe: umask is set temporary
93 | to 0, serious security problem'
94 | bpo-21529:
95 | author: Benjamin Peterson
96 | date: 2014-05-19 00:40:48
97 | title: 'JSON module: reading arbitrary process memory'
98 | bpo-21831:
99 | author: Benjamin Peterson
100 | date: 2014-06-24 03:11:22
101 | title: integer overflow in 'buffer' type allows reading memory
102 | bpo-22417:
103 | author: Nick Coghlan
104 | date: 2014-09-15 12:34:29
105 | title: 'PEP 476: verify HTTPS certificates by default'
106 | bpo-2254:
107 | author: sumar
108 | date: 2008-03-07 19:59:43
109 | title: Python CGIHTTPServer information disclosure
110 | bpo-22928:
111 | author: Guido Vranken
112 | date: 2014-11-24 02:50:23
113 | title: HTTP header injection in urrlib2/urllib/httplib/http.client (CVE-2016-5699)
114 | bpo-24778:
115 | author: Bernd Dietzel
116 | date: 2015-08-02 08:25:06
117 | title: '[CVE-2015-20107] mailcap.findmatch: document shell command Injection danger
118 | in filename parameter'
119 | bpo-26171:
120 | author: Insu Yun
121 | date: 2016-01-21 03:52:31
122 | title: heap overflow in zipimporter module
123 | bpo-2620:
124 | author: Justin Ferguson
125 | date: 2008-04-11 22:35:34
126 | title: Multiple buffer overflows in unicode processing
127 | bpo-26556:
128 | author: Christian Heimes
129 | date: 2016-03-14 10:31:35
130 | title: Update expat to 2.1.1
131 | bpo-26657:
132 | author: Thomas
133 | date: 2016-03-28 15:30:14
134 | title: Directory traversal with http.server and SimpleHTTPServer on windows
135 | bpo-27568:
136 | author: "R\xE9mi Rampin"
137 | date: 2016-07-18 22:30:13
138 | title: '"HTTPoxy", use of HTTP_PROXY flag supplied by attacker in CGI scripts'
139 | bpo-27850:
140 | author: Christian Heimes
141 | date: 2016-08-24 13:43:47
142 | title: Remove 3DES from cipher list (sweet32 CVE-2016-2183)
143 | bpo-28563:
144 | author: Carl Ekerot
145 | date: 2016-10-30 16:58:40
146 | title: Arbitrary code execution in gettext.c2py
147 | bpo-29169:
148 | author: Matthias Klose
149 | date: 2017-01-05 15:11:35
150 | title: update zlib to 1.2.11
151 | bpo-29591:
152 | author: Natanael Copa
153 | date: 2017-02-17 15:39:39
154 | title: 'expat 2.2.0: Various security vulnerabilities in bundled expat (CVE-2016-0718
155 | and CVE-2016-4472)'
156 | bpo-29778:
157 | author: Tibor Csonka
158 | date: 2017-03-10 04:58:17
159 | title: '[CVE-2020-15523] _Py_CheckPython3 uses uninitialized dllpath when embedder
160 | sets module path with Py_SetPath'
161 | bpo-30119:
162 | author: Dong-hee Na
163 | date: 2017-04-20 17:57:20
164 | title: (ftplib) A remote attacker could possibly attack by containing the newline
165 | characters
166 | bpo-30458:
167 | author: Orange
168 | date: 2017-05-24 15:01:31
169 | title: '[security][CVE-2019-9740][CVE-2019-9947] HTTP Header Injection (follow-up
170 | of CVE-2016-5699)'
171 | bpo-30500:
172 | author: Nam Nguyen
173 | date: 2017-05-29 04:04:11
174 | title: '[security] urllib connects to a wrong host'
175 | bpo-30657:
176 | author: Jay Bosamiya
177 | date: 2017-06-13 15:35:28
178 | title: '[security] CVE-2017-1000158: Unsafe arithmetic in PyString_DecodeEscape'
179 | bpo-30694:
180 | author: Ned Deily
181 | date: 2017-06-18 03:01:26
182 | title: Update embedded copy of expat to 2.2.1
183 | bpo-30730:
184 | author: Serhiy Storchaka
185 | date: 2017-06-22 08:06:59
186 | title: '[security] Injecting environment variable in subprocess on Windows'
187 | bpo-30947:
188 | author: STINNER Victor
189 | date: 2017-07-17 14:18:15
190 | title: Update embeded copy of libexpat from 2.2.1 to 2.2.3
191 | bpo-31530:
192 | author: STINNER Victor
193 | date: 2017-09-20 13:27:12
194 | title: 'CVE-2018-1000030: Python 2.7 readahead feature of file objects is not
195 | thread safe'
196 | bpo-32981:
197 | author: James Davis
198 | date: 2018-03-02 00:36:19
199 | title: Catastrophic backtracking in poplib (CVE-2018-1060) and difflib (CVE-2018-1061)
200 | bpo-33001:
201 | author: Steve Dower
202 | date: 2018-03-05 18:04:42
203 | title: Buffer overflow vulnerability in os.symlink on Windows (CVE-2018-1000117)
204 | bpo-33529:
205 | author: Rad164
206 | date: 2018-05-16 00:12:26
207 | title: '[security] Infinite loop on folding email (_fold_as_ew()) if an header
208 | has no spaces'
209 | bpo-34155:
210 | author: "Cyril Nicod\xE8me"
211 | date: 2018-07-19 14:53:43
212 | title: '[CVE-2019-16056] email.utils.parseaddr mistakenly parse an email'
213 | bpo-34623:
214 | author: Christian Heimes
215 | date: 2018-09-10 22:47:44
216 | title: _elementtree.c doesn't call XML_SetHashSalt()
217 | bpo-34656:
218 | author: shuoz
219 | date: 2018-09-13 04:38:46
220 | title: '[CVE-2018-20406] memory exhaustion in Modules/_pickle.c:1393'
221 | bpo-34791:
222 | author: Christian Heimes
223 | date: 2018-09-24 16:47:30
224 | title: xml package does not obey sys.flags.ignore_environment
225 | bpo-35647:
226 | author: Karthikeyan Singaravelan
227 | date: 2019-01-03 07:59:56
228 | title: Cookie path check returns incorrect results
229 | bpo-35746:
230 | author: Cisco Talos
231 | date: 2019-01-15 16:24:28
232 | title: '[ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service'
233 | bpo-35907:
234 | author: Sihoon Lee
235 | date: 2019-02-06 08:19:50
236 | title: '[security][CVE-2019-9948] Unnecessary URL scheme exists to allow local_file://
237 | reading file in urllib'
238 | bpo-36216:
239 | author: Steve Dower
240 | date: 2019-03-06 17:37:20
241 | title: 'CVE-2019-9636: urlsplit does not handle NFKC normalization'
242 | bpo-36742:
243 | author: Chihiro Ito
244 | date: 2019-04-27 12:30:16
245 | title: 'CVE-2019-10160: urlsplit NFKD normalization vulnerability in user:password@'
246 | bpo-37463:
247 | author: Christian Heimes
248 | date: 2019-07-01 06:47:03
249 | title: ssl.match_hostname() ignores extra string after whitespace in IPv4 address
250 | bpo-38243:
251 | author: longwenzhang
252 | date: 2019-09-21 02:17:29
253 | title: '[security][CVE-2019-16935] A reflected XSS in python/Lib/DocXMLRPCServer.py'
254 | bpo-38576:
255 | author: Riccardo Schirone
256 | date: 2019-10-24 07:51:17
257 | title: 'CVE-2019-18348: CRLF injection via the host part of the url passed to
258 | urlopen()'
259 | bpo-38804:
260 | author: Ben Caller
261 | date: 2019-11-14 23:37:59
262 | title: Regular Expression Denial of Service in http.cookiejar
263 | bpo-38826:
264 | author: Ben Caller
265 | date: 2019-11-17 01:45:42
266 | title: Regular Expression Denial of Service in urllib.request.AbstractBasicAuthHandler
267 | bpo-38945:
268 | author: stealthcopter
269 | date: 2019-11-30 17:06:01
270 | title: Remove newline characters from uu encoding methods
271 | bpo-39017:
272 | author: jvoisin
273 | date: 2019-12-10 16:19:56
274 | title: '[CVE-2019-20907] Infinite loop in the tarfile module'
275 | bpo-39073:
276 | author: Jasper Spaans
277 | date: 2019-12-17 12:46:42
278 | title: '[security] email module incorrect handling of CR and LF newline characters
279 | in Address objects.'
280 | bpo-39401:
281 | author: Anthony Wee
282 | date: 2020-01-21 01:02:14
283 | title: '[CVE-2020-8315] Unsafe dll loading in getpathp.c on Win7'
284 | bpo-39603:
285 | author: Max
286 | date: 2020-02-10 19:29:35
287 | title: '[security][ CVE-2020-26116] http.client: HTTP Header Injection in the
288 | HTTP method'
289 | bpo-41004:
290 | author: martin wennberg
291 | date: 2020-06-17 13:11:52
292 | title: '[CVE-2020-14422] Hash collisions in IPv4Interface and IPv6Interface'
293 | bpo-41944:
294 | author: Serhiy Storchaka
295 | date: 2020-10-05 14:40:52
296 | title: '[security][CVE-2020-27619] Python testsuite calls eval() on content received
297 | via HTTP'
298 | bpo-42938:
299 | author: Jordy Zomer
300 | date: 2021-01-16 08:03:26
301 | title: '[security][CVE-2021-3177] ctypes double representation BoF'
302 | bpo-42967:
303 | author: Adam Goldschmidt
304 | date: 2021-01-19 15:06:48
305 | title: '[CVE-2021-23336] urllib.parse.parse_qsl(): Web cache poisoning - `; `
306 | as a query args separator'
307 | bpo-42988:
308 | author: "Miro Hron\u010Dok"
309 | date: 2021-01-21 12:18:37
310 | title: '[security] CVE-2021-3426: Information disclosure via pydoc -p: /getfile?key=path
311 | allows to read arbitrary file on the filesystem'
312 | bpo-43075:
313 | author: yeting li
314 | date: 2021-01-30 08:11:46
315 | title: 'CVE-2021-3733: ReDoS in urllib.request'
316 | bpo-43285:
317 | author: confd0
318 | date: 2021-02-21 11:49:34
319 | title: ftplib should not use the host from the PASV response
320 | bpo-43882:
321 | author: Senthil Kumaran
322 | date: 2021-04-18 19:36:58
323 | title: '[security] CVE-2022-0391: urllib.parse should sanitize urls containing
324 | ASCII newline and tabs.'
325 | bpo-44022:
326 | author: guangli dong
327 | date: 2021-05-03 17:13:03
328 | title: 'CVE-2021-3737: urllib http client possible infinite loop on a 100 Continue
329 | response'
330 | bpo-44394:
331 | author: STINNER Victor
332 | date: 2021-06-11 14:14:07
333 | title: '[security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update
334 | vendored copy to expat 2.4.1'
335 | bpo-44549:
336 | author: siddhartha shankar mahato
337 | date: 2021-07-02 10:46:07
338 | title: Update Windows installer to use bzip2 1.0.8
339 | bpo-47194:
340 | author: Gregory P. Smith
341 | date: 2022-04-01 19:25:42
342 | title: Upgrade to zlib v1.2.12 in CPython binary releases
343 | bpo-6706:
344 | author: Giampaolo Rodola'
345 | date: 2009-08-14 23:03:34
346 | title: asyncore's accept() is broken
347 | bpo-6791:
348 | author: sumar
349 | date: 2009-08-28 08:32:32
350 | title: httplib read status memory usage
351 | bpo-7673:
352 | author: STINNER Victor
353 | date: 2010-01-11 01:05:03
354 | title: 'audioop: check that length is a multiple of the size'
355 | bpo-8674:
356 | author: Tomas Hoger
357 | date: 2010-05-10 13:43:22
358 | title: 'audioop: incorrect integer overflow checks'
359 | gh-102988:
360 | author: tdwyer
361 | date: 2023-03-24 03:30:35
362 | title: '[CVE-2023-27043] Parsing errors in email/_parseaddr.py lead to incorrect
363 | value in email address part of tuple'
364 | gh-87389:
365 | author: Hamza Avvan
366 | date: 2021-02-14 11:42:37
367 | title: '[security] CVE-2021-28861: http.server: Open Redirection if the URL path
368 | starts with //'
369 | gh-95778:
370 | author: gpshead
371 | date: 2022-08-08 07:53:39
372 | title: 'CVE-2020-10735: Prevent DoS by large int<->str conversions'
373 | gh-97514:
374 | author: gpshead
375 | date: 2022-09-23 19:24:04
376 | title: Linux specific local privilege escalation via the multiprocessing forkserver
377 | start method - CVE-2022-42919
378 | gh-98433:
379 | author: guidovranken
380 | date: 2022-10-19 06:12:24
381 | title: Slow IDNA decoding with large strings [CVE-2022-45061]
382 | gh-98517:
383 | author: botovq
384 | date: 2022-10-21 12:51:55
385 | title: '[CVE-2022-37454] Buffer overflow in the _sha3 module in python versions
386 | <= 3.10'
387 | gh-99418:
388 | author: kenballus
389 | date: 2022-11-12 19:27:12
390 | title: '[CVE-2023-24329] urlparse does not correctly handle schemes that begin
391 | with ASCII digits, ''+'', ''-'', and ''.'' characters'
392 |
--------------------------------------------------------------------------------
/conf.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python3
2 | # -*- coding: utf-8 -*-
3 | #
4 | # Python Security documentation build configuration file, created by
5 | # sphinx-quickstart on Fri Feb 17 16:48:26 2017.
6 | #
7 | # This file is execfile()d with the current directory set to its
8 | # containing dir.
9 | #
10 | # Note that not all possible configuration values are present in this
11 | # autogenerated file.
12 | #
13 | # All configuration values have a default; values that are commented out
14 | # serve to show the default.
15 |
16 | # If extensions (or modules to document with autodoc) are in another directory,
17 | # add these directories to sys.path here. If the directory is relative to the
18 | # documentation root, use os.path.abspath to make it absolute, like shown here.
19 | #
20 | # import os
21 | # import sys
22 | # sys.path.insert(0, os.path.abspath('.'))
23 |
24 |
25 | # -- General configuration ------------------------------------------------
26 |
27 | # If your documentation needs a minimal Sphinx version, state it here.
28 | #
29 | # needs_sphinx = '1.0'
30 |
31 | # Add any Sphinx extension module names here, as strings. They can be
32 | # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
33 | # ones.
34 | extensions = []
35 |
36 | # Add any paths that contain templates here, relative to this directory.
37 | templates_path = ['_templates']
38 |
39 | # The suffix(es) of source filenames.
40 | # You can specify multiple suffix as a list of string:
41 | #
42 | # source_suffix = ['.rst', '.md']
43 | source_suffix = '.rst'
44 |
45 | # The master toctree document.
46 | master_doc = 'index'
47 |
48 | # General information about the project.
49 | project = 'Python Security'
50 | copyright = '2017, Victor Stinner'
51 | author = 'Victor Stinner'
52 |
53 | # The version info for the project you're documenting, acts as replacement for
54 | # |version| and |release|, also used in various other places throughout the
55 | # built documents.
56 | #
57 | # The short X.Y version.
58 | # The full version, including alpha/beta/rc tags.
59 | version = release = '0.0'
60 |
61 | # The language for content autogenerated by Sphinx. Refer to documentation
62 | # for a list of supported languages.
63 | #
64 | # This is also used if you do content translation via gettext catalogs.
65 | # Usually you set "language" from the command line for these cases.
66 | language = "en"
67 |
68 | # List of patterns, relative to source directory, that match files and
69 | # directories to ignore when looking for source files.
70 | # This patterns also effect to html_static_path and html_extra_path
71 | exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store', 'README.rst', 'venv']
72 |
73 | # The name of the Pygments (syntax highlighting) style to use.
74 | pygments_style = 'sphinx'
75 |
76 | # If true, `todo` and `todoList` produce output, else they produce nothing.
77 | todo_include_todos = False
78 |
79 |
80 | # -- Options for HTML output ----------------------------------------------
81 |
82 | # The theme to use for HTML and HTML Help pages. See the documentation for
83 | # a list of builtin themes.
84 | #
85 | html_theme = 'default'
86 |
87 | # Theme options are theme-specific and customize the look and feel of a theme
88 | # further. For a list of options available for each theme, see the
89 | # documentation.
90 | #
91 | # html_theme_options = {}
92 |
93 | # Add any paths that contain custom static files (such as style sheets) here,
94 | # relative to this directory. They are copied after the builtin static files,
95 | # so a file named "default.css" will overwrite the builtin "default.css".
96 | html_static_path = ['_static']
97 |
98 |
99 | # -- Options for HTMLHelp output ------------------------------------------
100 |
101 | # Output file base name for HTML help builder.
102 | htmlhelp_basename = 'PythonSecuritydoc'
103 |
104 |
105 | # -- Options for LaTeX output ---------------------------------------------
106 |
107 | latex_elements = {
108 | # The paper size ('letterpaper' or 'a4paper').
109 | #
110 | # 'papersize': 'letterpaper',
111 |
112 | # The font size ('10pt', '11pt' or '12pt').
113 | #
114 | # 'pointsize': '10pt',
115 |
116 | # Additional stuff for the LaTeX preamble.
117 | #
118 | # 'preamble': '',
119 |
120 | # Latex figure (float) alignment
121 | #
122 | # 'figure_align': 'htbp',
123 | }
124 |
125 | # Grouping the document tree into LaTeX files. List of tuples
126 | # (source start file, target name, title,
127 | # author, documentclass [howto, manual, or own class]).
128 | latex_documents = [
129 | (master_doc, 'PythonSecurity.tex', 'Python Security Documentation',
130 | 'Victor Stinner', 'manual'),
131 | ]
132 |
133 |
134 | # -- Options for manual page output ---------------------------------------
135 |
136 | # One entry per manual page. List of tuples
137 | # (source start file, name, description, authors, manual section).
138 | man_pages = [
139 | (master_doc, 'pythonsecurity', 'Python Security Documentation',
140 | [author], 1)
141 | ]
142 |
143 |
144 | # -- Options for Texinfo output -------------------------------------------
145 |
146 | # Grouping the document tree into Texinfo files. List of tuples
147 | # (source start file, target name, title, author,
148 | # dir menu entry, description, category)
149 | texinfo_documents = [
150 | (master_doc, 'PythonSecurity', 'Python Security Documentation',
151 | author, 'PythonSecurity', 'One line description of project.',
152 | 'Miscellaneous'),
153 | ]
154 |
--------------------------------------------------------------------------------
/config.ini.template:
--------------------------------------------------------------------------------
1 | [config]
2 | bpo_username = LOGIN
3 | bpo_password = PASSWORD
4 | # Git checkout of https://github.com/python/cpython/
5 | python_srcdir = /path/to/python
6 |
--------------------------------------------------------------------------------
/cve/CVE-2008-1679.json:
--------------------------------------------------------------------------------
1 | {
2 | "Modified": "2017-09-29T01:30:00",
3 | "Published": "2008-04-22T04:41:00",
4 | "access": {
5 | "authentication": "NONE",
6 | "complexity": "MEDIUM",
7 | "vector": "NETWORK"
8 | },
9 | "assigner": "cve@mitre.org",
10 | "capec": [],
11 | "cvss": 6.8,
12 | "cvss-time": "2017-09-29T01:30:00",
13 | "cvss-vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
14 | "cwe": "CWE-189",
15 | "id": "CVE-2008-1679",
16 | "impact": {
17 | "availability": "PARTIAL",
18 | "confidentiality": "PARTIAL",
19 | "integrity": "PARTIAL"
20 | },
21 | "last-modified": "2017-09-29T01:30:00",
22 | "oval": [
23 | {
24 | "accepted": "2013-04-29T04:06:52.162-04:00",
25 | "class": "vulnerability",
26 | "contributors": [
27 | {
28 | "name": "Aharon Chernin",
29 | "organization": "SCAP.com, LLC"
30 | },
31 | {
32 | "name": "Dragos Prisaca",
33 | "organization": "G2, Inc."
34 | }
35 | ],
36 | "definition_extensions": [
37 | {
38 | "comment": "The operating system installed on the system is Red Hat Enterprise Linux 3",
39 | "oval": "oval:org.mitre.oval:def:11782"
40 | },
41 | {
42 | "comment": "CentOS Linux 3.x",
43 | "oval": "oval:org.mitre.oval:def:16651"
44 | },
45 | {
46 | "comment": "The operating system installed on the system is Red Hat Enterprise Linux 4",
47 | "oval": "oval:org.mitre.oval:def:11831"
48 | },
49 | {
50 | "comment": "CentOS Linux 4.x",
51 | "oval": "oval:org.mitre.oval:def:16636"
52 | },
53 | {
54 | "comment": "Oracle Linux 4.x",
55 | "oval": "oval:org.mitre.oval:def:15990"
56 | }
57 | ],
58 | "description": "Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965.",
59 | "family": "unix",
60 | "id": "oval:org.mitre.oval:def:10583",
61 | "status": "accepted",
62 | "submitted": "2010-07-09T03:56:16-04:00",
63 | "title": "Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965.",
64 | "version": "29"
65 | },
66 | {
67 | "accepted": "2010-03-01T04:00:13.347-05:00",
68 | "class": "vulnerability",
69 | "contributors": [
70 | {
71 | "name": "Pai Peng",
72 | "organization": "Hewlett-Packard"
73 | }
74 | ],
75 | "definition_extensions": [
76 | {
77 | "comment": "Solaris 10 (SPARC) is installed",
78 | "oval": "oval:org.mitre.oval:def:1440"
79 | },
80 | {
81 | "comment": "Solaris 10 (x86) is installed",
82 | "oval": "oval:org.mitre.oval:def:1926"
83 | }
84 | ],
85 | "description": "Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965.",
86 | "family": "unix",
87 | "id": "oval:org.mitre.oval:def:7800",
88 | "status": "accepted",
89 | "submitted": "2010-01-19T17:52:34.000-05:00",
90 | "title": "Multiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary Code",
91 | "version": "35"
92 | }
93 | ],
94 | "redhat": {
95 | "rpms": [
96 | "python-0:2.3.4-14.7.el4_8.2",
97 | "python-debuginfo-0:2.3.4-14.7.el4_8.2",
98 | "python-devel-0:2.3.4-14.7.el4_8.2",
99 | "python-docs-0:2.3.4-14.7.el4_8.2",
100 | "python-tools-0:2.3.4-14.7.el4_8.2",
101 | "tkinter-0:2.3.4-14.7.el4_8.2",
102 | "python-0:2.2.3-6.11",
103 | "python-debuginfo-0:2.2.3-6.11",
104 | "python-devel-0:2.2.3-6.11",
105 | "python-tools-0:2.2.3-6.11",
106 | "tkinter-0:2.2.3-6.11"
107 | ]
108 | },
109 | "references": [
110 | "http://bugs.python.org/issue1179",
111 | "http://bugs.python.org/msg64682",
112 | "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html",
113 | "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html",
114 | "http://secunia.com/advisories/29889",
115 | "http://secunia.com/advisories/29955",
116 | "http://secunia.com/advisories/30872",
117 | "http://secunia.com/advisories/31255",
118 | "http://secunia.com/advisories/31358",
119 | "http://secunia.com/advisories/31365",
120 | "http://secunia.com/advisories/31518",
121 | "http://secunia.com/advisories/31687",
122 | "http://secunia.com/advisories/33937",
123 | "http://secunia.com/advisories/38675",
124 | "http://security.gentoo.org/glsa/glsa-200807-01.xml",
125 | "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289",
126 | "http://support.apple.com/kb/HT3438",
127 | "http://support.avaya.com/css/P8/documents/100074697",
128 | "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0149",
129 | "http://www.debian.org/security/2008/dsa-1551",
130 | "http://www.debian.org/security/2008/dsa-1620",
131 | "http://www.mandriva.com/security/advisories?name=MDVSA-2008:163",
132 | "http://www.mandriva.com/security/advisories?name=MDVSA-2008:164",
133 | "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900",
134 | "http://www.ubuntu.com/usn/usn-632-1",
135 | "https://exchange.xforce.ibmcloud.com/vulnerabilities/41958",
136 | "https://issues.rpath.com/browse/RPL-2424",
137 | "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10583",
138 | "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7800"
139 | ],
140 | "refmap": {
141 | "apple": [
142 | "APPLE-SA-2009-02-12"
143 | ],
144 | "confirm": [
145 | "http://bugs.python.org/issue1179",
146 | "http://support.apple.com/kb/HT3438",
147 | "http://support.avaya.com/css/P8/documents/100074697",
148 | "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0149",
149 | "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900",
150 | "https://issues.rpath.com/browse/RPL-2424"
151 | ],
152 | "debian": [
153 | "DSA-1551",
154 | "DSA-1620"
155 | ],
156 | "gentoo": [
157 | "GLSA-200807-01"
158 | ],
159 | "mandriva": [
160 | "MDVSA-2008:163",
161 | "MDVSA-2008:164"
162 | ],
163 | "misc": [
164 | "http://bugs.python.org/msg64682"
165 | ],
166 | "secunia": [
167 | "29889",
168 | "29955",
169 | "30872",
170 | "31255",
171 | "31358",
172 | "31365",
173 | "31518",
174 | "31687",
175 | "33937",
176 | "38675"
177 | ],
178 | "slackware": [
179 | "SSA:2008-217-01"
180 | ],
181 | "suse": [
182 | "SUSE-SR:2008:017"
183 | ],
184 | "ubuntu": [
185 | "USN-632-1"
186 | ],
187 | "xf": [
188 | "python-imageopc-bo(41958)"
189 | ]
190 | },
191 | "statements": [
192 | {
193 | "contributor": "Joshua Bressers",
194 | "lastmodified": "2008-04-22",
195 | "organization": "Red Hat",
196 | "statement": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-1679\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/"
197 | }
198 | ],
199 | "summary": "Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965.",
200 | "vulnerable_configuration": [
201 | {
202 | "id": "cpe:2.3:a:python_software_foundation:python:2.4:*:*:*:*:*:*:*",
203 | "title": "cpe:2.3:a:python_software_foundation:python:2.4:*:*:*:*:*:*:*"
204 | },
205 | {
206 | "id": "cpe:2.3:a:python_software_foundation:python:*:*:*:*:*:*:*:*",
207 | "title": "cpe:2.3:a:python_software_foundation:python:*:*:*:*:*:*:*:*"
208 | }
209 | ],
210 | "vulnerable_configuration_cpe_2_2": [],
211 | "vulnerable_product": [
212 | "cpe:2.3:a:python_software_foundation:python:2.4:*:*:*:*:*:*:*",
213 | "cpe:2.3:a:python_software_foundation:python:*:*:*:*:*:*:*:*"
214 | ]
215 | }
--------------------------------------------------------------------------------
/cve/CVE-2008-1721.json:
--------------------------------------------------------------------------------
1 | {
2 | "Modified": "2022-07-05T18:43:00",
3 | "Published": "2008-04-10T19:05:00",
4 | "access": {
5 | "authentication": "NONE",
6 | "complexity": "LOW",
7 | "vector": "NETWORK"
8 | },
9 | "assigner": "cve@mitre.org",
10 | "capec": [],
11 | "cvss": 7.5,
12 | "cvss-time": "2022-07-05T18:43:00",
13 | "cvss-vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
14 | "cwe": "CWE-681",
15 | "id": "CVE-2008-1721",
16 | "impact": {
17 | "availability": "PARTIAL",
18 | "confidentiality": "PARTIAL",
19 | "integrity": "PARTIAL"
20 | },
21 | "last-modified": "2022-07-05T18:43:00",
22 | "oval": [
23 | {
24 | "accepted": "2010-03-01T04:00:16.164-05:00",
25 | "class": "vulnerability",
26 | "contributors": [
27 | {
28 | "name": "Pai Peng",
29 | "organization": "Hewlett-Packard"
30 | }
31 | ],
32 | "definition_extensions": [
33 | {
34 | "comment": "Solaris 10 (SPARC) is installed",
35 | "oval": "oval:org.mitre.oval:def:1440"
36 | },
37 | {
38 | "comment": "Solaris 10 (x86) is installed",
39 | "oval": "oval:org.mitre.oval:def:1926"
40 | }
41 | ],
42 | "description": "Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.",
43 | "family": "unix",
44 | "id": "oval:org.mitre.oval:def:8249",
45 | "status": "accepted",
46 | "submitted": "2010-01-19T17:52:34.000-05:00",
47 | "title": "Multiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary Code",
48 | "version": "35"
49 | },
50 | {
51 | "accepted": "2014-01-20T04:01:39.657-05:00",
52 | "class": "vulnerability",
53 | "contributors": [
54 | {
55 | "name": "Pai Peng",
56 | "organization": "Hewlett-Packard"
57 | },
58 | {
59 | "name": "Chris Coffin",
60 | "organization": "The MITRE Corporation"
61 | }
62 | ],
63 | "definition_extensions": [
64 | {
65 | "comment": "VMWare ESX Server 3.0.3 is installed",
66 | "oval": "oval:org.mitre.oval:def:6026"
67 | },
68 | {
69 | "comment": "VMware ESX Server 3.5.0 is installed",
70 | "oval": "oval:org.mitre.oval:def:5887"
71 | },
72 | {
73 | "comment": "VMware ESX Server 4.0 is installed",
74 | "oval": "oval:org.mitre.oval:def:6293"
75 | }
76 | ],
77 | "description": "Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.",
78 | "family": "unix",
79 | "id": "oval:org.mitre.oval:def:8494",
80 | "status": "accepted",
81 | "submitted": "2010-03-19T16:57:59.000-04:00",
82 | "title": "VMware python zlib extension module vulnerability",
83 | "version": "7"
84 | },
85 | {
86 | "accepted": "2013-04-29T04:19:12.524-04:00",
87 | "class": "vulnerability",
88 | "contributors": [
89 | {
90 | "name": "Aharon Chernin",
91 | "organization": "SCAP.com, LLC"
92 | },
93 | {
94 | "name": "Dragos Prisaca",
95 | "organization": "G2, Inc."
96 | }
97 | ],
98 | "definition_extensions": [
99 | {
100 | "comment": "The operating system installed on the system is Red Hat Enterprise Linux 4",
101 | "oval": "oval:org.mitre.oval:def:11831"
102 | },
103 | {
104 | "comment": "CentOS Linux 4.x",
105 | "oval": "oval:org.mitre.oval:def:16636"
106 | },
107 | {
108 | "comment": "Oracle Linux 4.x",
109 | "oval": "oval:org.mitre.oval:def:15990"
110 | },
111 | {
112 | "comment": "The operating system installed on the system is Red Hat Enterprise Linux 5",
113 | "oval": "oval:org.mitre.oval:def:11414"
114 | },
115 | {
116 | "comment": "The operating system installed on the system is CentOS Linux 5.x",
117 | "oval": "oval:org.mitre.oval:def:15802"
118 | },
119 | {
120 | "comment": "Oracle Linux 5.x",
121 | "oval": "oval:org.mitre.oval:def:15459"
122 | }
123 | ],
124 | "description": "Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.",
125 | "family": "unix",
126 | "id": "oval:org.mitre.oval:def:9407",
127 | "status": "accepted",
128 | "submitted": "2010-07-09T03:56:16-04:00",
129 | "title": "Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.",
130 | "version": "30"
131 | }
132 | ],
133 | "redhat": {
134 | "rpms": [
135 | "python-0:2.4.3-24.el5_3.6",
136 | "python-debuginfo-0:2.4.3-24.el5_3.6",
137 | "python-devel-0:2.4.3-24.el5_3.6",
138 | "python-tools-0:2.4.3-24.el5_3.6",
139 | "tkinter-0:2.4.3-24.el5_3.6",
140 | "python-0:2.3.4-14.7.el4_8.2",
141 | "python-debuginfo-0:2.3.4-14.7.el4_8.2",
142 | "python-devel-0:2.3.4-14.7.el4_8.2",
143 | "python-docs-0:2.3.4-14.7.el4_8.2",
144 | "python-tools-0:2.3.4-14.7.el4_8.2",
145 | "tkinter-0:2.3.4-14.7.el4_8.2"
146 | ]
147 | },
148 | "references": [
149 | "http://bugs.python.org/issue2586",
150 | "http://www.securityfocus.com/bid/28715",
151 | "http://securityreason.com/securityalert/3802",
152 | "http://www.mandriva.com/security/advisories?name=MDVSA-2008:085",
153 | "http://www.debian.org/security/2008/dsa-1551",
154 | "http://secunia.com/advisories/29889",
155 | "http://www.securitytracker.com/id?1019823",
156 | "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0149",
157 | "https://issues.rpath.com/browse/RPL-2444",
158 | "http://secunia.com/advisories/29955",
159 | "http://secunia.com/advisories/30872",
160 | "http://www.ubuntu.com/usn/usn-632-1",
161 | "http://security.gentoo.org/glsa/glsa-200807-01.xml",
162 | "http://www.debian.org/security/2008/dsa-1620",
163 | "http://secunia.com/advisories/31358",
164 | "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289",
165 | "http://secunia.com/advisories/31365",
166 | "http://secunia.com/advisories/31255",
167 | "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html",
168 | "http://secunia.com/advisories/33937",
169 | "http://support.apple.com/kb/HT3438",
170 | "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
171 | "http://secunia.com/advisories/37471",
172 | "http://www.vupen.com/english/advisories/2009/3316",
173 | "http://support.avaya.com/css/P8/documents/100074697",
174 | "http://secunia.com/advisories/38675",
175 | "http://www.vupen.com/english/advisories/2008/1229/references",
176 | "https://exchange.xforce.ibmcloud.com/vulnerabilities/41748",
177 | "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9407",
178 | "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8494",
179 | "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8249",
180 | "http://www.securityfocus.com/archive/1/507985/100/0/threaded",
181 | "http://www.securityfocus.com/archive/1/490690/100/0/threaded"
182 | ],
183 | "refmap": {
184 | "apple": [
185 | "APPLE-SA-2009-02-12"
186 | ],
187 | "bid": [
188 | "28715"
189 | ],
190 | "bugtraq": [
191 | "20080409 IOActive Security Advisory: Buffer overflow in Python zlib extension module",
192 | "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components"
193 | ],
194 | "confirm": [
195 | "http://bugs.python.org/issue2586",
196 | "http://support.apple.com/kb/HT3438",
197 | "http://support.avaya.com/css/P8/documents/100074697",
198 | "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0149",
199 | "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
200 | "https://issues.rpath.com/browse/RPL-2444"
201 | ],
202 | "debian": [
203 | "DSA-1551",
204 | "DSA-1620"
205 | ],
206 | "gentoo": [
207 | "GLSA-200807-01"
208 | ],
209 | "mandriva": [
210 | "MDVSA-2008:085"
211 | ],
212 | "sectrack": [
213 | "1019823"
214 | ],
215 | "secunia": [
216 | "29889",
217 | "29955",
218 | "30872",
219 | "31255",
220 | "31358",
221 | "31365",
222 | "33937",
223 | "37471",
224 | "38675"
225 | ],
226 | "slackware": [
227 | "SSA:2008-217-01"
228 | ],
229 | "sreason": [
230 | "3802"
231 | ],
232 | "ubuntu": [
233 | "USN-632-1"
234 | ],
235 | "vupen": [
236 | "ADV-2008-1229",
237 | "ADV-2009-3316"
238 | ],
239 | "xf": [
240 | "zlib-pystringfromstringandsize-bo(41748)"
241 | ]
242 | },
243 | "statements": [
244 | {
245 | "contributor": "Joshua Bressers",
246 | "lastmodified": "2008-04-15",
247 | "organization": "Red Hat",
248 | "statement": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=442005\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/"
249 | }
250 | ],
251 | "summary": "Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.",
252 | "vulnerable_configuration": [
253 | {
254 | "id": "cpe:2.3:a:python:python:2.4.0:*:*:*:*:*:*:*",
255 | "title": "cpe:2.3:a:python:python:2.4.0:*:*:*:*:*:*:*"
256 | },
257 | {
258 | "id": "cpe:2.3:a:python:python:2.4.1:*:*:*:*:*:*:*",
259 | "title": "cpe:2.3:a:python:python:2.4.1:*:*:*:*:*:*:*"
260 | },
261 | {
262 | "id": "cpe:2.3:a:python:python:2.4.2:*:*:*:*:*:*:*",
263 | "title": "cpe:2.3:a:python:python:2.4.2:*:*:*:*:*:*:*"
264 | },
265 | {
266 | "id": "cpe:2.3:a:python:python:2.4.3:*:*:*:*:*:*:*",
267 | "title": "cpe:2.3:a:python:python:2.4.3:*:*:*:*:*:*:*"
268 | },
269 | {
270 | "id": "cpe:2.3:a:python:python:2.4.4:*:*:*:*:*:*:*",
271 | "title": "cpe:2.3:a:python:python:2.4.4:*:*:*:*:*:*:*"
272 | },
273 | {
274 | "id": "cpe:2.3:a:python:python:2.4.5:*:*:*:*:*:*:*",
275 | "title": "cpe:2.3:a:python:python:2.4.5:*:*:*:*:*:*:*"
276 | },
277 | {
278 | "id": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
279 | "title": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"
280 | },
281 | {
282 | "id": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
283 | "title": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*"
284 | },
285 | {
286 | "id": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
287 | "title": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*"
288 | },
289 | {
290 | "id": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
291 | "title": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*"
292 | },
293 | {
294 | "id": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
295 | "title": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*"
296 | },
297 | {
298 | "id": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
299 | "title": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*"
300 | }
301 | ],
302 | "vulnerable_configuration_cpe_2_2": [],
303 | "vulnerable_product": [
304 | "cpe:2.3:a:python:python:2.4.0:*:*:*:*:*:*:*",
305 | "cpe:2.3:a:python:python:2.4.1:*:*:*:*:*:*:*",
306 | "cpe:2.3:a:python:python:2.4.2:*:*:*:*:*:*:*",
307 | "cpe:2.3:a:python:python:2.4.3:*:*:*:*:*:*:*",
308 | "cpe:2.3:a:python:python:2.4.4:*:*:*:*:*:*:*",
309 | "cpe:2.3:a:python:python:2.4.5:*:*:*:*:*:*:*",
310 | "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
311 | "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
312 | "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
313 | "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
314 | "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
315 | "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*"
316 | ]
317 | }
--------------------------------------------------------------------------------
/cve/CVE-2008-2316.json:
--------------------------------------------------------------------------------
1 | {
2 | "Modified": "2018-10-11T20:40:00",
3 | "Published": "2008-08-01T14:41:00",
4 | "access": {
5 | "authentication": "NONE",
6 | "complexity": "LOW",
7 | "vector": "NETWORK"
8 | },
9 | "assigner": "cve@mitre.org",
10 | "capec": [],
11 | "cvss": 7.5,
12 | "cvss-time": "2018-10-11T20:40:00",
13 | "cvss-vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
14 | "cwe": "CWE-189",
15 | "id": "CVE-2008-2316",
16 | "impact": {
17 | "availability": "PARTIAL",
18 | "confidentiality": "PARTIAL",
19 | "integrity": "PARTIAL"
20 | },
21 | "last-modified": "2018-10-11T20:40:00",
22 | "references": [
23 | "http://bugs.gentoo.org/attachment.cgi?id=159422&action=view",
24 | "http://bugs.gentoo.org/show_bug.cgi?id=230640",
25 | "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html",
26 | "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html",
27 | "http://secunia.com/advisories/31305",
28 | "http://secunia.com/advisories/31332",
29 | "http://secunia.com/advisories/31358",
30 | "http://secunia.com/advisories/31365",
31 | "http://secunia.com/advisories/31473",
32 | "http://secunia.com/advisories/31518",
33 | "http://secunia.com/advisories/31687",
34 | "http://secunia.com/advisories/33937",
35 | "http://security.gentoo.org/glsa/glsa-200807-16.xml",
36 | "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289",
37 | "http://support.apple.com/kb/HT3438",
38 | "http://wiki.rpath.com/Advisories:rPSA-2008-0243",
39 | "http://www.mandriva.com/security/advisories?name=MDVSA-2008:163",
40 | "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900",
41 | "http://www.securityfocus.com/archive/1/495445/100/0/threaded",
42 | "http://www.securityfocus.com/bid/30491",
43 | "http://www.ubuntu.com/usn/usn-632-1",
44 | "http://www.vupen.com/english/advisories/2008/2288",
45 | "https://exchange.xforce.ibmcloud.com/vulnerabilities/44173",
46 | "https://exchange.xforce.ibmcloud.com/vulnerabilities/44174"
47 | ],
48 | "refmap": {
49 | "apple": [
50 | "APPLE-SA-2009-02-12"
51 | ],
52 | "bid": [
53 | "30491"
54 | ],
55 | "bugtraq": [
56 | "20080813 rPSA-2008-0243-1 idle python"
57 | ],
58 | "confirm": [
59 | "http://bugs.gentoo.org/attachment.cgi?id=159422&action=view",
60 | "http://bugs.gentoo.org/show_bug.cgi?id=230640",
61 | "http://support.apple.com/kb/HT3438",
62 | "http://wiki.rpath.com/Advisories:rPSA-2008-0243",
63 | "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900"
64 | ],
65 | "gentoo": [
66 | "GLSA-200807-16"
67 | ],
68 | "mandriva": [
69 | "MDVSA-2008:163"
70 | ],
71 | "secunia": [
72 | "31305",
73 | "31332",
74 | "31358",
75 | "31365",
76 | "31473",
77 | "31518",
78 | "31687",
79 | "33937"
80 | ],
81 | "slackware": [
82 | "SSA:2008-217-01"
83 | ],
84 | "suse": [
85 | "SUSE-SR:2008:017"
86 | ],
87 | "ubuntu": [
88 | "USN-632-1"
89 | ],
90 | "vupen": [
91 | "ADV-2008-2288"
92 | ],
93 | "xf": [
94 | "python-hashlib-overflow(44174)",
95 | "python-multiple-bo(44173)"
96 | ]
97 | },
98 | "statements": [
99 | {
100 | "contributor": "Tomas Hoger",
101 | "lastmodified": "2008-08-04",
102 | "organization": "Red Hat",
103 | "statement": "Not vulnerable. This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Affected module was only introduced upstream in python 2.5."
104 | }
105 | ],
106 | "summary": "Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to \"partial hashlib hashing of data exceeding 4GB.\"",
107 | "vulnerable_configuration": [
108 | {
109 | "id": "cpe:2.3:a:python_software_foundation:python:1.5.2:*:*:*:*:*:*:*",
110 | "title": "cpe:2.3:a:python_software_foundation:python:1.5.2:*:*:*:*:*:*:*"
111 | },
112 | {
113 | "id": "cpe:2.3:a:python_software_foundation:python:1.6.1:*:*:*:*:*:*:*",
114 | "title": "cpe:2.3:a:python_software_foundation:python:1.6.1:*:*:*:*:*:*:*"
115 | },
116 | {
117 | "id": "cpe:2.3:a:python_software_foundation:python:2.0.1:*:*:*:*:*:*:*",
118 | "title": "cpe:2.3:a:python_software_foundation:python:2.0.1:*:*:*:*:*:*:*"
119 | },
120 | {
121 | "id": "cpe:2.3:a:python_software_foundation:python:2.1.3:*:*:*:*:*:*:*",
122 | "title": "cpe:2.3:a:python_software_foundation:python:2.1.3:*:*:*:*:*:*:*"
123 | },
124 | {
125 | "id": "cpe:2.3:a:python_software_foundation:python:2.2.3:*:*:*:*:*:*:*",
126 | "title": "cpe:2.3:a:python_software_foundation:python:2.2.3:*:*:*:*:*:*:*"
127 | },
128 | {
129 | "id": "cpe:2.3:a:python_software_foundation:python:2.3.7:*:*:*:*:*:*:*",
130 | "title": "cpe:2.3:a:python_software_foundation:python:2.3.7:*:*:*:*:*:*:*"
131 | },
132 | {
133 | "id": "cpe:2.3:a:python_software_foundation:python:2.4.5:*:*:*:*:*:*:*",
134 | "title": "cpe:2.3:a:python_software_foundation:python:2.4.5:*:*:*:*:*:*:*"
135 | },
136 | {
137 | "id": "cpe:2.3:a:python_software_foundation:python:2.5.1:*:*:*:*:*:*:*",
138 | "title": "cpe:2.3:a:python_software_foundation:python:2.5.1:*:*:*:*:*:*:*"
139 | },
140 | {
141 | "id": "cpe:2.3:a:python_software_foundation:python:2.5.2:*:*:*:*:*:*:*",
142 | "title": "cpe:2.3:a:python_software_foundation:python:2.5.2:*:*:*:*:*:*:*"
143 | }
144 | ],
145 | "vulnerable_configuration_cpe_2_2": [],
146 | "vulnerable_product": [
147 | "cpe:2.3:a:python_software_foundation:python:1.5.2:*:*:*:*:*:*:*",
148 | "cpe:2.3:a:python_software_foundation:python:1.6.1:*:*:*:*:*:*:*",
149 | "cpe:2.3:a:python_software_foundation:python:2.0.1:*:*:*:*:*:*:*",
150 | "cpe:2.3:a:python_software_foundation:python:2.1.3:*:*:*:*:*:*:*",
151 | "cpe:2.3:a:python_software_foundation:python:2.2.3:*:*:*:*:*:*:*",
152 | "cpe:2.3:a:python_software_foundation:python:2.3.7:*:*:*:*:*:*:*",
153 | "cpe:2.3:a:python_software_foundation:python:2.4.5:*:*:*:*:*:*:*",
154 | "cpe:2.3:a:python_software_foundation:python:2.5.1:*:*:*:*:*:*:*",
155 | "cpe:2.3:a:python_software_foundation:python:2.5.2:*:*:*:*:*:*:*"
156 | ]
157 | }
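Added illustration of the three integer-handling mistakes named in the CVE-2008-1679, CVE-2008-1721 and CVE-2008-2316 summaries above (a multiplication overflow when sizing an image buffer, a signed length that passes a range check and then becomes huge as size_t, and a length truncated to unsigned int before a digest update). This is example code written for this page, not code from CPython or any of the referenced advisories; the function names are invented, the digest update is a counting stand-in for a real one, and it assumes a 32-bit unsigned int and a 64-bit uint64_t.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative code for this page; not CPython's own functions. */

/* 1. Signedness (the CVE-2008-1721 pattern): a signed length checked only
 *    against an upper bound passes for negative values, and once converted to
 *    size_t for the copy it becomes SIZE_MAX. */
int vulnerable_length_ok(int requested, int limit)
{
    return requested <= limit;            /* -1 <= limit is true */
}

int hardened_length_ok(int requested, int limit)
{
    return requested >= 0 && requested <= limit;
}

/* Bytes a memcpy would try to move after the unchecked conversion. */
size_t copy_length_after_cast(int requested)
{
    return (size_t)requested;             /* (size_t)-1 == SIZE_MAX */
}

/* 2. Multiplication overflow (the imageop-style pattern of CVE-2008-1679):
 *    rows * cols * bytes-per-pixel wraps, so the allocation is far smaller
 *    than the data later written into it. */
size_t unchecked_image_bytes(size_t rows, size_t cols, size_t bpp)
{
    return rows * cols * bpp;             /* may wrap silently */
}

/* Returns 1 and stores the byte count, or 0 if the product would not fit. */
int checked_image_bytes(size_t rows, size_t cols, size_t bpp, size_t *out)
{
    size_t pixels;
    if (rows != 0 && cols > SIZE_MAX / rows) return 0;
    pixels = rows * cols;
    if (bpp != 0 && pixels > SIZE_MAX / bpp) return 0;
    if (out) *out = pixels * bpp;
    return 1;
}

/* 3. Truncation (the hashlib pattern of CVE-2008-2316): a 64-bit length passed
 *    through an unsigned int parameter keeps only its low 32 bits, so a buffer
 *    just over 4 GiB is hashed as a handful of bytes. The update below is a
 *    stand-in that only counts bytes; the data pointer is ignored. */
static uint64_t g_hashed = 0;

static void fake_digest_update(const unsigned char *p, unsigned int n)
{
    (void)p;
    g_hashed += n;
}

/* Bytes a truncating caller feeds for a buffer of total_len bytes. */
uint64_t bytes_hashed_truncating(uint64_t total_len)
{
    g_hashed = 0;
    fake_digest_update(NULL, (unsigned int)total_len);
    return g_hashed;
}

/* Bytes fed when the caller splits the buffer into UINT_MAX-sized chunks. */
uint64_t bytes_hashed_chunked(uint64_t total_len)
{
    uint64_t remaining = total_len;
    g_hashed = 0;
    while (remaining > 0) {
        unsigned int chunk = remaining > UINT_MAX ? UINT_MAX : (unsigned int)remaining;
        fake_digest_update(NULL, chunk);
        remaining -= chunk;
    }
    return g_hashed;
}

int main(void)
{
    size_t n = 0;
    printf("length -1: vulnerable check %d, hardened check %d, cast to size_t %zu\n",
           vulnerable_length_ok(-1, 1024), hardened_length_ok(-1, 1024),
           copy_length_after_cast(-1));
    printf("image size wrap: unchecked %zu bytes, checked accepts %d\n",
           unchecked_image_bytes(SIZE_MAX / 4 + 1, 1, 4),
           checked_image_bytes(SIZE_MAX / 4 + 1, 1, 4, &n));
    printf("4 GiB + 5 bytes: truncating hashes %llu, chunked hashes %llu\n",
           (unsigned long long)bytes_hashed_truncating((1ULL << 32) + 5),
           (unsigned long long)bytes_hashed_chunked((1ULL << 32) + 5));
    return 0;
}
```

The chunked loop is the shape of fix that makes a digest of more than 4 GiB cover every byte; the two checks before the allocation are the shape of the overflow checks the CVE-2008-3143 record attributes to Google's contribution, applied here to a generic image-size computation rather than to any specific CPython module.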
--------------------------------------------------------------------------------
/cve/CVE-2008-3143.json:
--------------------------------------------------------------------------------
1 | {
2 | "Modified": "2018-10-11T20:47:00",
3 | "Published": "2008-08-01T14:41:00",
4 | "access": {
5 | "authentication": "NONE",
6 | "complexity": "LOW",
7 | "vector": "NETWORK"
8 | },
9 | "assigner": "cve@mitre.org",
10 | "capec": [],
11 | "cvss": 7.5,
12 | "cvss-time": "2018-10-11T20:47:00",
13 | "cvss-vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
14 | "cwe": "CWE-189",
15 | "id": "CVE-2008-3143",
16 | "impact": {
17 | "availability": "PARTIAL",
18 | "confidentiality": "PARTIAL",
19 | "integrity": "PARTIAL"
20 | },
21 | "last-modified": "2018-10-11T20:47:00",
22 | "oval": [
23 | {
24 | "accepted": "2014-01-20T04:01:36.350-05:00",
25 | "class": "vulnerability",
26 | "contributors": [
27 | {
28 | "name": "Pai Peng",
29 | "organization": "Hewlett-Packard"
30 | },
31 | {
32 | "name": "Chris Coffin",
33 | "organization": "The MITRE Corporation"
34 | }
35 | ],
36 | "definition_extensions": [
37 | {
38 | "comment": "VMWare ESX Server 3.0.3 is installed",
39 | "oval": "oval:org.mitre.oval:def:6026"
40 | },
41 | {
42 | "comment": "VMware ESX Server 3.5.0 is installed",
43 | "oval": "oval:org.mitre.oval:def:5887"
44 | },
45 | {
46 | "comment": "VMware ESX Server 4.0 is installed",
47 | "oval": "oval:org.mitre.oval:def:6293"
48 | }
49 | ],
50 | "description": "Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by \"checks for integer overflows, contributed by Google.\"",
51 | "family": "unix",
52 | "id": "oval:org.mitre.oval:def:7720",
53 | "status": "accepted",
54 | "submitted": "2010-03-19T16:57:59.000-04:00",
55 | "title": "VMware python multiple integer overflows vulnerability",
56 | "version": "7"
57 | },
58 | {
59 | "accepted": "2013-04-29T04:18:07.005-04:00",
60 | "class": "vulnerability",
61 | "contributors": [
62 | {
63 | "name": "Aharon Chernin",
64 | "organization": "SCAP.com, LLC"
65 | },
66 | {
67 | "name": "Dragos Prisaca",
68 | "organization": "G2, Inc."
69 | }
70 | ],
71 | "definition_extensions": [
72 | {
73 | "comment": "The operating system installed on the system is Red Hat Enterprise Linux 3",
74 | "oval": "oval:org.mitre.oval:def:11782"
75 | },
76 | {
77 | "comment": "CentOS Linux 3.x",
78 | "oval": "oval:org.mitre.oval:def:16651"
79 | },
80 | {
81 | "comment": "The operating system installed on the system is Red Hat Enterprise Linux 4",
82 | "oval": "oval:org.mitre.oval:def:11831"
83 | },
84 | {
85 | "comment": "CentOS Linux 4.x",
86 | "oval": "oval:org.mitre.oval:def:16636"
87 | },
88 | {
89 | "comment": "Oracle Linux 4.x",
90 | "oval": "oval:org.mitre.oval:def:15990"
91 | },
92 | {
93 | "comment": "The operating system installed on the system is Red Hat Enterprise Linux 5",
94 | "oval": "oval:org.mitre.oval:def:11414"
95 | },
96 | {
97 | "comment": "The operating system installed on the system is CentOS Linux 5.x",
98 | "oval": "oval:org.mitre.oval:def:15802"
99 | },
100 | {
101 | "comment": "Oracle Linux 5.x",
102 | "oval": "oval:org.mitre.oval:def:15459"
103 | }
104 | ],
105 | "description": "\t\tby Google.\"",
106 | "family": "unix",
107 | "id": "oval:org.mitre.oval:def:8996",
108 | "status": "accepted",
109 | "submitted": "2010-07-09T03:56:16-04:00",
110 | "title": "\t\tby Google.\"",
111 | "version": "30"
112 | }
113 | ],
114 | "redhat": {
115 | "rpms": [
116 | "python-0:2.4.3-24.el5_3.6",
117 | "python-debuginfo-0:2.4.3-24.el5_3.6",
118 | "python-devel-0:2.4.3-24.el5_3.6",
119 | "python-tools-0:2.4.3-24.el5_3.6",
120 | "tkinter-0:2.4.3-24.el5_3.6",
121 | "python-0:2.3.4-14.7.el4_8.2",
122 | "python-debuginfo-0:2.3.4-14.7.el4_8.2",
123 | "python-devel-0:2.3.4-14.7.el4_8.2",
124 | "python-docs-0:2.3.4-14.7.el4_8.2",
125 | "python-tools-0:2.3.4-14.7.el4_8.2",
126 | "tkinter-0:2.3.4-14.7.el4_8.2",
127 | "python-0:2.2.3-6.11",
128 | "python-debuginfo-0:2.2.3-6.11",
129 | "python-devel-0:2.2.3-6.11",
130 | "python-tools-0:2.2.3-6.11",
131 | "tkinter-0:2.2.3-6.11"
132 | ]
133 | },
134 | "references": [
135 | "http://bugs.gentoo.org/show_bug.cgi?id=232137",
136 | "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html",
137 | "http://secunia.com/advisories/31332",
138 | "http://secunia.com/advisories/31365",
139 | "http://secunia.com/advisories/31473",
140 | "http://secunia.com/advisories/31518",
141 | "http://secunia.com/advisories/31687",
142 | "http://secunia.com/advisories/32793",
143 | "http://secunia.com/advisories/37471",
144 | "http://security.gentoo.org/glsa/glsa-200807-16.xml",
145 | "http://svn.python.org/view?rev=60793&view=rev",
146 | "http://wiki.rpath.com/Advisories:rPSA-2008-0243",
147 | "http://www.debian.org/security/2008/dsa-1667",
148 | "http://www.mandriva.com/security/advisories?name=MDVSA-2008:163",
149 | "http://www.mandriva.com/security/advisories?name=MDVSA-2008:164",
150 | "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900",
151 | "http://www.python.org/download/releases/2.5.2/NEWS.txt",
152 | "http://www.python.org/download/releases/2.6/NEWS.txt",
153 | "http://www.securityfocus.com/archive/1/495445/100/0/threaded",
154 | "http://www.securityfocus.com/archive/1/507985/100/0/threaded",
155 | "http://www.securityfocus.com/bid/30491",
156 | "http://www.ubuntu.com/usn/usn-632-1",
157 | "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
158 | "http://www.vupen.com/english/advisories/2008/2288",
159 | "http://www.vupen.com/english/advisories/2009/3316",
160 | "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7720",
161 | "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8996"
162 | ],
163 | "refmap": {
164 | "bid": [
165 | "30491"
166 | ],
167 | "bugtraq": [
168 | "20080813 rPSA-2008-0243-1 idle python",
169 | "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components"
170 | ],
171 | "confirm": [
172 | "http://bugs.gentoo.org/show_bug.cgi?id=232137",
173 | "http://svn.python.org/view?rev=60793&view=rev",
174 | "http://wiki.rpath.com/Advisories:rPSA-2008-0243",
175 | "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900",
176 | "http://www.python.org/download/releases/2.5.2/NEWS.txt",
177 | "http://www.python.org/download/releases/2.6/NEWS.txt",
178 | "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
179 | ],
180 | "debian": [
181 | "DSA-1667"
182 | ],
183 | "gentoo": [
184 | "GLSA-200807-16"
185 | ],
186 | "mandriva": [
187 | "MDVSA-2008:163",
188 | "MDVSA-2008:164"
189 | ],
190 | "secunia": [
191 | "31332",
192 | "31365",
193 | "31473",
194 | "31518",
195 | "31687",
196 | "32793",
197 | "37471"
198 | ],
199 | "suse": [
200 | "SUSE-SR:2008:017"
201 | ],
202 | "ubuntu": [
203 | "USN-632-1"
204 | ],
205 | "vupen": [
206 | "ADV-2008-2288",
207 | "ADV-2009-3316"
208 | ]
209 | },
210 | "summary": "Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by \"checks for integer overflows, contributed by Google.\"",
211 | "vulnerable_configuration": [
212 | {
213 | "id": "cpe:2.3:a:python_software_foundation:python:1.5.2:*:*:*:*:*:*:*",
214 | "title": "cpe:2.3:a:python_software_foundation:python:1.5.2:*:*:*:*:*:*:*"
215 | },
216 | {
217 | "id": "cpe:2.3:a:python_software_foundation:python:1.6.1:*:*:*:*:*:*:*",
218 | "title": "cpe:2.3:a:python_software_foundation:python:1.6.1:*:*:*:*:*:*:*"
219 | },
220 | {
221 | "id": "cpe:2.3:a:python_software_foundation:python:2.0.1:*:*:*:*:*:*:*",
222 | "title": "cpe:2.3:a:python_software_foundation:python:2.0.1:*:*:*:*:*:*:*"
223 | },
224 | {
225 | "id": "cpe:2.3:a:python_software_foundation:python:2.1.3:*:*:*:*:*:*:*",
226 | "title": "cpe:2.3:a:python_software_foundation:python:2.1.3:*:*:*:*:*:*:*"
227 | },
228 | {
229 | "id": "cpe:2.3:a:python_software_foundation:python:2.2.3:*:*:*:*:*:*:*",
230 | "title": "cpe:2.3:a:python_software_foundation:python:2.2.3:*:*:*:*:*:*:*"
231 | },
232 | {
233 | "id": "cpe:2.3:a:python_software_foundation:python:2.3.7:*:*:*:*:*:*:*",
234 | "title": "cpe:2.3:a:python_software_foundation:python:2.3.7:*:*:*:*:*:*:*"
235 | },
236 | {
237 | "id": "cpe:2.3:a:python_software_foundation:python:2.4.5:*:*:*:*:*:*:*",
238 | "title": "cpe:2.3:a:python_software_foundation:python:2.4.5:*:*:*:*:*:*:*"
239 | },
240 | {
241 | "id": "cpe:2.3:a:python_software_foundation:python:*:*:*:*:*:*:*:*",
242 | "title": "cpe:2.3:a:python_software_foundation:python:*:*:*:*:*:*:*:*"
243 | }
244 | ],
245 | "vulnerable_configuration_cpe_2_2": [],
246 | "vulnerable_product": [
247 | "cpe:2.3:a:python_software_foundation:python:1.5.2:*:*:*:*:*:*:*",
248 | "cpe:2.3:a:python_software_foundation:python:1.6.1:*:*:*:*:*:*:*",
249 | "cpe:2.3:a:python_software_foundation:python:2.0.1:*:*:*:*:*:*:*",
250 | "cpe:2.3:a:python_software_foundation:python:2.1.3:*:*:*:*:*:*:*",
251 | "cpe:2.3:a:python_software_foundation:python:2.2.3:*:*:*:*:*:*:*",
252 | "cpe:2.3:a:python_software_foundation:python:2.3.7:*:*:*:*:*:*:*",
253 | "cpe:2.3:a:python_software_foundation:python:2.4.5:*:*:*:*:*:*:*",
254 | "cpe:2.3:a:python_software_foundation:python:*:*:*:*:*:*:*:*"
255 | ]
256 | }
--------------------------------------------------------------------------------
/cve/CVE-2009-4134.json:
--------------------------------------------------------------------------------
1 | {
2 | "Modified": "2020-02-18T19:28:00",
3 | "Published": "2010-05-27T19:30:00",
4 | "access": {
5 | "authentication": "NONE",
6 | "complexity": "LOW",
7 | "vector": "NETWORK"
8 | },
9 | "assigner": "cve@mitre.org",
10 | "capec": [],
11 | "cvss": 5.0,
12 | "cvss-time": "2020-02-18T19:28:00",
13 | "cvss-vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
14 | "cwe": "CWE-787",
15 | "id": "CVE-2009-4134",
16 | "impact": {
17 | "availability": "PARTIAL",
18 | "confidentiality": "NONE",
19 | "integrity": "NONE"
20 | },
21 | "last-modified": "2020-02-18T19:28:00",
22 | "redhat": {
23 | "advisories": [
24 | {
25 | "rhsa": {
26 | "id": "RHSA-2011:0027"
27 | }
28 | },
29 | {
30 | "rhsa": {
31 | "id": "RHSA-2011:0260"
32 | }
33 | }
34 | ],
35 | "rpms": [
36 | "python-0:2.4.3-43.el5",
37 | "python-debuginfo-0:2.4.3-43.el5",
38 | "python-devel-0:2.4.3-43.el5",
39 | "python-libs-0:2.4.3-43.el5",
40 | "python-tools-0:2.4.3-43.el5",
41 | "tkinter-0:2.4.3-43.el5",
42 | "python-0:2.3.4-14.9.el4",
43 | "python-debuginfo-0:2.3.4-14.9.el4",
44 | "python-devel-0:2.3.4-14.9.el4",
45 | "python-docs-0:2.3.4-14.9.el4",
46 | "python-tools-0:2.3.4-14.9.el4",
47 | "tkinter-0:2.3.4-14.9.el4"
48 | ]
49 | },
50 | "references": [
51 | "http://bugs.python.org/issue8678",
52 | "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html",
53 | "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html",
54 | "http://secunia.com/advisories/42888",
55 | "http://secunia.com/advisories/43068",
56 | "http://secunia.com/advisories/43364",
57 | "http://support.apple.com/kb/HT4435",
58 | "http://www.mandriva.com/security/advisories?name=MDVSA-2010:215",
59 | "http://www.redhat.com/support/errata/RHSA-2011-0027.html",
60 | "http://www.redhat.com/support/errata/RHSA-2011-0260.html",
61 | "http://www.securityfocus.com/bid/40361",
62 | "http://www.vupen.com/english/advisories/2011/0122",
63 | "http://www.vupen.com/english/advisories/2011/0212",
64 | "http://www.vupen.com/english/advisories/2011/0413",
65 | "https://bugzilla.redhat.com/show_bug.cgi?id=541698"
66 | ],
67 | "refmap": {
68 | "apple": [
69 | "APPLE-SA-2010-11-10-1"
70 | ],
71 | "bid": [
72 | "40361"
73 | ],
74 | "confirm": [
75 | "http://bugs.python.org/issue8678",
76 | "http://support.apple.com/kb/HT4435",
77 | "https://bugzilla.redhat.com/show_bug.cgi?id=541698"
78 | ],
79 | "mandriva": [
80 | "MDVSA-2010:215"
81 | ],
82 | "secunia": [
83 | "42888",
84 | "43068",
85 | "43364"
86 | ],
87 | "suse": [
88 | "SUSE-SR:2011:002"
89 | ],
90 | "vupen": [
91 | "ADV-2011-0122",
92 | "ADV-2011-0212",
93 | "ADV-2011-0413"
94 | ]
95 | },
96 | "summary": "Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference.",
97 | "vulnerable_configuration": [
98 | {
99 | "id": "cpe:2.3:a:python:python:2.5.0:*:*:*:*:*:*:*",
100 | "title": "cpe:2.3:a:python:python:2.5.0:*:*:*:*:*:*:*"
101 | }
102 | ],
103 | "vulnerable_configuration_cpe_2_2": [],
104 | "vulnerable_product": [
105 | "cpe:2.3:a:python:python:2.5.0:*:*:*:*:*:*:*"
106 | ]
107 | }
--------------------------------------------------------------------------------
/cve/CVE-2010-1449.json:
--------------------------------------------------------------------------------
1 | {
2 | "Modified": "2020-02-18T19:36:00",
3 | "Published": "2010-05-27T19:30:00",
4 | "access": {
5 | "authentication": "NONE",
6 | "complexity": "LOW",
7 | "vector": "NETWORK"
8 | },
9 | "assigner": "cve@mitre.org",
10 | "capec": [
11 | {
12 | "id": "92",
13 | "name": "Forced Integer Overflow",
14 | "prerequisites": "The attacker can manipulate the value of an integer variable utilized by the target host. The target host does not do proper range checking on the variable before utilizing it. When the integer variable is incremented or decremented to an out of range value, it gets a very different value (e.g. very small or negative number)",
15 | "related_weakness": [
16 | "120",
17 | "122",
18 | "128",
19 | "190",
20 | "196",
21 | "680",
22 | "697"
23 | ],
24 | "solutions": "Use a language or compiler that performs automatic bounds checking. Carefully review the service's implementation before making it available to user. For instance you can use manual or automated code review to uncover vulnerabilities such as integer overflow. Use an abstraction library to abstract away risky APIs. Not a complete solution. Always do bound checking before consuming user input data.",
25 | "summary": "This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code."
26 | }
27 | ],
28 | "cvss": 7.5,
29 | "cvss-time": "2020-02-18T19:36:00",
30 | "cvss-vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
31 | "cwe": "CWE-190",
32 | "id": "CVE-2010-1449",
33 | "impact": {
34 | "availability": "PARTIAL",
35 | "confidentiality": "PARTIAL",
36 | "integrity": "PARTIAL"
37 | },
38 | "last-modified": "2020-02-18T19:36:00",
39 | "redhat": {
40 | "advisories": [
41 | {
42 | "rhsa": {
43 | "id": "RHSA-2011:0027"
44 | }
45 | },
46 | {
47 | "rhsa": {
48 | "id": "RHSA-2011:0260"
49 | }
50 | }
51 | ],
52 | "rpms": [
53 | "python-0:2.4.3-43.el5",
54 | "python-debuginfo-0:2.4.3-43.el5",
55 | "python-devel-0:2.4.3-43.el5",
56 | "python-libs-0:2.4.3-43.el5",
57 | "python-tools-0:2.4.3-43.el5",
58 | "tkinter-0:2.4.3-43.el5",
59 | "python-0:2.3.4-14.9.el4",
60 | "python-debuginfo-0:2.3.4-14.9.el4",
61 | "python-devel-0:2.3.4-14.9.el4",
62 | "python-docs-0:2.3.4-14.9.el4",
63 | "python-tools-0:2.3.4-14.9.el4",
64 | "tkinter-0:2.3.4-14.9.el4"
65 | ]
66 | },
67 | "references": [
68 | "http://bugs.python.org/issue8678",
69 | "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html",
70 | "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html",
71 | "http://secunia.com/advisories/42888",
72 | "http://secunia.com/advisories/43068",
73 | "http://secunia.com/advisories/43364",
74 | "http://support.apple.com/kb/HT4435",
75 | "http://www.mandriva.com/security/advisories?name=MDVSA-2010:215",
76 | "http://www.redhat.com/support/errata/RHSA-2011-0027.html",
77 | "http://www.redhat.com/support/errata/RHSA-2011-0260.html",
78 | "http://www.securityfocus.com/bid/40363",
79 | "http://www.vupen.com/english/advisories/2011/0122",
80 | "http://www.vupen.com/english/advisories/2011/0212",
81 | "http://www.vupen.com/english/advisories/2011/0413",
82 | "https://bugzilla.redhat.com/show_bug.cgi?id=541698"
83 | ],
84 | "refmap": {
85 | "apple": [
86 | "APPLE-SA-2010-11-10-1"
87 | ],
88 | "bid": [
89 | "40363"
90 | ],
91 | "confirm": [
92 | "http://bugs.python.org/issue8678",
93 | "http://support.apple.com/kb/HT4435",
94 | "https://bugzilla.redhat.com/show_bug.cgi?id=541698"
95 | ],
96 | "mandriva": [
97 | "MDVSA-2010:215"
98 | ],
99 | "secunia": [
100 | "42888",
101 | "43068",
102 | "43364"
103 | ],
104 | "suse": [
105 | "SUSE-SR:2011:002"
106 | ],
107 | "vupen": [
108 | "ADV-2011-0122",
109 | "ADV-2011-0212",
110 | "ADV-2011-0413"
111 | ]
112 | },
113 | "summary": "Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12.",
114 | "vulnerable_configuration": [
115 | {
116 | "id": "cpe:2.3:a:python:python:2.5.0:*:*:*:*:*:*:*",
117 | "title": "cpe:2.3:a:python:python:2.5.0:*:*:*:*:*:*:*"
118 | }
119 | ],
120 | "vulnerable_configuration_cpe_2_2": [],
121 | "vulnerable_product": [
122 | "cpe:2.3:a:python:python:2.5.0:*:*:*:*:*:*:*"
123 | ]
124 | }
--------------------------------------------------------------------------------
/cve/CVE-2010-1634.json:
--------------------------------------------------------------------------------
1 | {
2 | "Modified": "2022-07-13T14:32:00",
3 | "Published": "2010-05-27T19:30:00",
4 | "access": {
5 | "authentication": "NONE",
6 | "complexity": "LOW",
7 | "vector": "NETWORK"
8 | },
9 | "assigner": "secalert@redhat.com",
10 | "capec": [
11 | {
12 | "id": "92",
13 | "name": "Forced Integer Overflow",
14 | "prerequisites": "The attacker can manipulate the value of an integer variable utilized by the target host. The target host does not do proper range checking on the variable before utilizing it. When the integer variable is incremented or decremented to an out of range value, it gets a very different value (e.g. very small or negative number)",
15 | "related_weakness": [
16 | "120",
17 | "122",
18 | "128",
19 | "190",
20 | "196",
21 | "680",
22 | "697"
23 | ],
24 | "solutions": "Use a language or compiler that performs automatic bounds checking. Carefully review the service's implementation before making it available to user. For instance you can use manual or automated code review to uncover vulnerabilities such as integer overflow. Use an abstraction library to abstract away risky APIs. Not a complete solution. Always do bound checking before consuming user input data.",
25 | "summary": "This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code."
26 | }
27 | ],
28 | "cvss": 5.0,
29 | "cvss-time": "2022-07-13T14:32:00",
30 | "cvss-vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
31 | "cwe": "CWE-190",
32 | "id": "CVE-2010-1634",
33 | "impact": {
34 | "availability": "PARTIAL",
35 | "confidentiality": "NONE",
36 | "integrity": "NONE"
37 | },
38 | "last-modified": "2022-07-13T14:32:00",
39 | "redhat": {
40 | "advisories": [
41 | {
42 | "rhsa": {
43 | "id": "RHSA-2011:0027"
44 | }
45 | }
46 | ],
47 | "rpms": [
48 | "python-0:2.4.3-43.el5",
49 | "python-debuginfo-0:2.4.3-43.el5",
50 | "python-devel-0:2.4.3-43.el5",
51 | "python-libs-0:2.4.3-43.el5",
52 | "python-tools-0:2.4.3-43.el5",
53 | "tkinter-0:2.4.3-43.el5",
54 | "python-0:2.3.4-14.10.el4",
55 | "python-debuginfo-0:2.3.4-14.10.el4",
56 | "python-devel-0:2.3.4-14.10.el4",
57 | "python-docs-0:2.3.4-14.10.el4",
58 | "python-tools-0:2.3.4-14.10.el4",
59 | "tkinter-0:2.3.4-14.10.el4"
60 | ]
61 | },
62 | "references": [
63 | "http://svn.python.org/view?rev=81045&view=rev",
64 | "http://secunia.com/advisories/39937",
65 | "http://svn.python.org/view?rev=81079&view=rev",
66 | "http://bugs.python.org/issue8674",
67 | "https://bugzilla.redhat.com/show_bug.cgi?id=590690",
68 | "http://www.securityfocus.com/bid/40370",
69 | "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html",
70 | "http://secunia.com/advisories/40194",
71 | "http://www.vupen.com/english/advisories/2010/1448",
72 | "http://www.vupen.com/english/advisories/2011/0122",
73 | "http://secunia.com/advisories/42888",
74 | "http://www.redhat.com/support/errata/RHSA-2011-0027.html",
75 | "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html",
76 | "http://www.vupen.com/english/advisories/2011/0212",
77 | "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html",
78 | "http://secunia.com/advisories/43068",
79 | "http://support.apple.com/kb/HT5002",
80 | "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html",
81 | "http://www.ubuntu.com/usn/USN-1596-1",
82 | "http://www.ubuntu.com/usn/USN-1613-2",
83 | "http://www.ubuntu.com/usn/USN-1613-1",
84 | "http://secunia.com/advisories/51040",
85 | "http://secunia.com/advisories/51024",
86 | "http://secunia.com/advisories/50858",
87 | "http://www.ubuntu.com/usn/USN-1616-1",
88 | "http://secunia.com/advisories/51087"
89 | ],
90 | "refmap": {
91 | "apple": [
92 | "APPLE-SA-2011-10-12-3"
93 | ],
94 | "bid": [
95 | "40370"
96 | ],
97 | "confirm": [
98 | "http://bugs.python.org/issue8674",
99 | "http://support.apple.com/kb/HT5002",
100 | "http://svn.python.org/view?rev=81045&view=rev",
101 | "http://svn.python.org/view?rev=81079&view=rev",
102 | "https://bugzilla.redhat.com/show_bug.cgi?id=590690"
103 | ],
104 | "fedora": [
105 | "FEDORA-2010-9652"
106 | ],
107 | "secunia": [
108 | "39937",
109 | "40194",
110 | "42888",
111 | "43068",
112 | "50858",
113 | "51024",
114 | "51040",
115 | "51087"
116 | ],
117 | "suse": [
118 | "SUSE-SR:2010:024",
119 | "SUSE-SR:2011:002"
120 | ],
121 | "ubuntu": [
122 | "USN-1596-1",
123 | "USN-1613-1",
124 | "USN-1613-2",
125 | "USN-1616-1"
126 | ],
127 | "vupen": [
128 | "ADV-2010-1448",
129 | "ADV-2011-0122",
130 | "ADV-2011-0212"
131 | ]
132 | },
133 | "summary": "Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5.",
134 | "vulnerable_configuration": [
135 | {
136 | "id": "cpe:2.3:a:python:python:3.1.0:*:*:*:*:*:*:*",
137 | "title": "cpe:2.3:a:python:python:3.1.0:*:*:*:*:*:*:*"
138 | },
139 | {
140 | "id": "cpe:2.3:a:python:python:3.1.1:*:*:*:*:*:*:*",
141 | "title": "cpe:2.3:a:python:python:3.1.1:*:*:*:*:*:*:*"
142 | },
143 | {
144 | "id": "cpe:2.3:a:python:python:3.1.1:-:*:*:*:*:*:*",
145 | "title": "cpe:2.3:a:python:python:3.1.1:-:*:*:*:*:*:*"
146 | },
147 | {
148 | "id": "cpe:2.3:a:python:python:3.1.1:rc1:*:*:*:*:*:*",
149 | "title": "cpe:2.3:a:python:python:3.1.1:rc1:*:*:*:*:*:*"
150 | },
151 | {
152 | "id": "cpe:2.3:a:python:python:3.1.2:*:*:*:*:*:*:*",
153 | "title": "cpe:2.3:a:python:python:3.1.2:*:*:*:*:*:*:*"
154 | },
155 | {
156 | "id": "cpe:2.3:a:python:python:3.1.2:-:*:*:*:*:*:*",
157 | "title": "cpe:2.3:a:python:python:3.1.2:-:*:*:*:*:*:*"
158 | },
159 | {
160 | "id": "cpe:2.3:a:python:python:3.1.2:rc1:*:*:*:*:*:*",
161 | "title": "cpe:2.3:a:python:python:3.1.2:rc1:*:*:*:*:*:*"
162 | },
163 | {
164 | "id": "cpe:2.3:a:python:python:2.6.0:*:*:*:*:*:*:*",
165 | "title": "cpe:2.3:a:python:python:2.6.0:*:*:*:*:*:*:*"
166 | },
167 | {
168 | "id": "cpe:2.3:a:python:python:2.6.1:*:*:*:*:*:*:*",
169 | "title": "cpe:2.3:a:python:python:2.6.1:*:*:*:*:*:*:*"
170 | },
171 | {
172 | "id": "cpe:2.3:a:python:python:2.6.2:*:*:*:*:*:*:*",
173 | "title": "cpe:2.3:a:python:python:2.6.2:*:*:*:*:*:*:*"
174 | },
175 | {
176 | "id": "cpe:2.3:a:python:python:2.6.3:*:*:*:*:*:*:*",
177 | "title": "cpe:2.3:a:python:python:2.6.3:*:*:*:*:*:*:*"
178 | },
179 | {
180 | "id": "cpe:2.3:a:python:python:2.6.4:*:*:*:*:*:*:*",
181 | "title": "cpe:2.3:a:python:python:2.6.4:*:*:*:*:*:*:*"
182 | },
183 | {
184 | "id": "cpe:2.3:a:python:python:2.6.5:*:*:*:*:*:*:*",
185 | "title": "cpe:2.3:a:python:python:2.6.5:*:*:*:*:*:*:*"
186 | },
187 | {
188 | "id": "cpe:2.3:a:python:python:2.5.0:*:*:*:*:*:*:*",
189 | "title": "cpe:2.3:a:python:python:2.5.0:*:*:*:*:*:*:*"
190 | },
191 | {
192 | "id": "cpe:2.3:a:python:python:2.5.1:*:*:*:*:*:*:*",
193 | "title": "cpe:2.3:a:python:python:2.5.1:*:*:*:*:*:*:*"
194 | },
195 | {
196 | "id": "cpe:2.3:a:python:python:2.5.2:*:*:*:*:*:*:*",
197 | "title": "cpe:2.3:a:python:python:2.5.2:*:*:*:*:*:*:*"
198 | },
199 | {
200 | "id": "cpe:2.3:a:python:python:2.5.3:*:*:*:*:*:*:*",
201 | "title": "cpe:2.3:a:python:python:2.5.3:*:*:*:*:*:*:*"
202 | },
203 | {
204 | "id": "cpe:2.3:a:python:python:2.5.4:*:*:*:*:*:*:*",
205 | "title": "cpe:2.3:a:python:python:2.5.4:*:*:*:*:*:*:*"
206 | },
207 | {
208 | "id": "cpe:2.3:a:python:python:2.5.5:*:*:*:*:*:*:*",
209 | "title": "cpe:2.3:a:python:python:2.5.5:*:*:*:*:*:*:*"
210 | },
211 | {
212 | "id": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*",
213 | "title": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*"
214 | },
215 | {
216 | "id": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*",
217 | "title": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*"
218 | },
219 | {
220 | "id": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*",
221 | "title": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*"
222 | },
223 | {
224 | "id": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*",
225 | "title": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*"
226 | },
227 | {
228 | "id": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*",
229 | "title": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*"
230 | },
231 | {
232 | "id": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*",
233 | "title": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*"
234 | },
235 | {
236 | "id": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
237 | "title": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*"
238 | },
239 | {
240 | "id": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
241 | "title": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*"
242 | },
243 | {
244 | "id": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
245 | "title": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*"
246 | },
247 | {
248 | "id": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
249 | "title": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*"
250 | }
251 | ],
252 | "vulnerable_configuration_cpe_2_2": [],
253 | "vulnerable_product": [
254 | "cpe:2.3:a:python:python:3.1.0:*:*:*:*:*:*:*",
255 | "cpe:2.3:a:python:python:3.1.1:*:*:*:*:*:*:*",
256 | "cpe:2.3:a:python:python:3.1.1:-:*:*:*:*:*:*",
257 | "cpe:2.3:a:python:python:3.1.1:rc1:*:*:*:*:*:*",
258 | "cpe:2.3:a:python:python:3.1.2:*:*:*:*:*:*:*",
259 | "cpe:2.3:a:python:python:3.1.2:-:*:*:*:*:*:*",
260 | "cpe:2.3:a:python:python:3.1.2:rc1:*:*:*:*:*:*",
261 | "cpe:2.3:a:python:python:2.6.0:*:*:*:*:*:*:*",
262 | "cpe:2.3:a:python:python:2.6.1:*:*:*:*:*:*:*",
263 | "cpe:2.3:a:python:python:2.6.2:*:*:*:*:*:*:*",
264 | "cpe:2.3:a:python:python:2.6.3:*:*:*:*:*:*:*",
265 | "cpe:2.3:a:python:python:2.6.4:*:*:*:*:*:*:*",
266 | "cpe:2.3:a:python:python:2.6.5:*:*:*:*:*:*:*",
267 | "cpe:2.3:a:python:python:2.5.0:*:*:*:*:*:*:*",
268 | "cpe:2.3:a:python:python:2.5.1:*:*:*:*:*:*:*",
269 | "cpe:2.3:a:python:python:2.5.2:*:*:*:*:*:*:*",
270 | "cpe:2.3:a:python:python:2.5.3:*:*:*:*:*:*:*",
271 | "cpe:2.3:a:python:python:2.5.4:*:*:*:*:*:*:*",
272 | "cpe:2.3:a:python:python:2.5.5:*:*:*:*:*:*:*",
273 | "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*",
274 | "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*",
275 | "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*",
276 | "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*",
277 | "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*",
278 | "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*",
279 | "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
280 | "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
281 | "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
282 | "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*"
283 | ]
284 | }
--------------------------------------------------------------------------------
/cve/CVE-2010-2089.json:
--------------------------------------------------------------------------------
1 | {
2 | "Modified": "2022-08-16T13:32:00",
3 | "Published": "2010-05-27T19:30:00",
4 | "access": {
5 | "authentication": "NONE",
6 | "complexity": "LOW",
7 | "vector": "NETWORK"
8 | },
9 | "assigner": "cve@mitre.org",
10 | "capec": [],
11 | "cvss": 5.0,
12 | "cvss-time": "2022-08-16T13:32:00",
13 | "cvss-vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
14 | "cwe": "CWE-787",
15 | "id": "CVE-2010-2089",
16 | "impact": {
17 | "availability": "PARTIAL",
18 | "confidentiality": "NONE",
19 | "integrity": "NONE"
20 | },
21 | "last-modified": "2022-08-16T13:32:00",
22 | "redhat": {
23 | "advisories": [
24 | {
25 | "bugzilla": {
26 | "id": "644761",
27 | "title": "python-libs conflict on ia64 compatlayer"
28 | },
29 | "oval": {
30 | "OR": [
31 | {
32 | "comment": "Red Hat Enterprise Linux must be installed",
33 | "oval": "oval:com.redhat.rhba:tst:20070304026"
34 | },
35 | {
36 | "AND": [
37 | {
38 | "comment": "Red Hat Enterprise Linux 5 is installed",
39 | "oval": "oval:com.redhat.rhba:tst:20070331005"
40 | },
41 | {
42 | "OR": [
43 | {
44 | "AND": [
45 | {
46 | "comment": "python is earlier than 0:2.4.3-43.el5",
47 | "oval": "oval:com.redhat.rhsa:tst:20110027001"
48 | },
49 | {
50 | "comment": "python is signed with Red Hat redhatrelease key",
51 | "oval": "oval:com.redhat.rhsa:tst:20091176002"
52 | }
53 | ]
54 | },
55 | {
56 | "AND": [
57 | {
58 | "comment": "python-devel is earlier than 0:2.4.3-43.el5",
59 | "oval": "oval:com.redhat.rhsa:tst:20110027003"
60 | },
61 | {
62 | "comment": "python-devel is signed with Red Hat redhatrelease key",
63 | "oval": "oval:com.redhat.rhsa:tst:20091176004"
64 | }
65 | ]
66 | },
67 | {
68 | "AND": [
69 | {
70 | "comment": "python-libs is earlier than 0:2.4.3-43.el5",
71 | "oval": "oval:com.redhat.rhsa:tst:20110027005"
72 | },
73 | {
74 | "comment": "python-libs is signed with Red Hat redhatrelease key",
75 | "oval": "oval:com.redhat.rhsa:tst:20110027006"
76 | }
77 | ]
78 | },
79 | {
80 | "AND": [
81 | {
82 | "comment": "python-tools is earlier than 0:2.4.3-43.el5",
83 | "oval": "oval:com.redhat.rhsa:tst:20110027007"
84 | },
85 | {
86 | "comment": "python-tools is signed with Red Hat redhatrelease key",
87 | "oval": "oval:com.redhat.rhsa:tst:20091176006"
88 | }
89 | ]
90 | },
91 | {
92 | "AND": [
93 | {
94 | "comment": "tkinter is earlier than 0:2.4.3-43.el5",
95 | "oval": "oval:com.redhat.rhsa:tst:20110027009"
96 | },
97 | {
98 | "comment": "tkinter is signed with Red Hat redhatrelease key",
99 | "oval": "oval:com.redhat.rhsa:tst:20091176008"
100 | }
101 | ]
102 | }
103 | ]
104 | }
105 | ]
106 | }
107 | ]
108 | },
109 | "rhsa": {
110 | "id": "RHSA-2011:0027",
111 | "released": "2011-01-13",
112 | "severity": "Low",
113 | "title": "RHSA-2011:0027: python security, bug fix, and enhancement update (Low)"
114 | }
115 | }
116 | ],
117 | "rpms": [
118 | "python-0:2.4.3-43.el5",
119 | "python-debuginfo-0:2.4.3-43.el5",
120 | "python-devel-0:2.4.3-43.el5",
121 | "python-libs-0:2.4.3-43.el5",
122 | "python-tools-0:2.4.3-43.el5",
123 | "tkinter-0:2.4.3-43.el5",
124 | "python-0:2.3.4-14.10.el4",
125 | "python-debuginfo-0:2.3.4-14.10.el4",
126 | "python-devel-0:2.3.4-14.10.el4",
127 | "python-docs-0:2.3.4-14.10.el4",
128 | "python-tools-0:2.3.4-14.10.el4",
129 | "tkinter-0:2.3.4-14.10.el4"
130 | ]
131 | },
132 | "references": [
133 | "http://bugs.python.org/issue7673",
134 | "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html",
135 | "http://www.securityfocus.com/bid/40863",
136 | "http://secunia.com/advisories/40194",
137 | "http://www.vupen.com/english/advisories/2010/1448",
138 | "https://bugzilla.redhat.com/show_bug.cgi?id=598197",
139 | "http://www.vupen.com/english/advisories/2011/0122",
140 | "http://www.redhat.com/support/errata/RHSA-2011-0027.html",
141 | "http://secunia.com/advisories/42888",
142 | "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html",
143 | "http://secunia.com/advisories/43068",
144 | "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html",
145 | "http://www.vupen.com/english/advisories/2011/0212",
146 | "http://support.apple.com/kb/HT5002",
147 | "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html",
148 | "http://www.ubuntu.com/usn/USN-1596-1",
149 | "http://www.ubuntu.com/usn/USN-1613-2",
150 | "http://www.ubuntu.com/usn/USN-1613-1",
151 | "http://secunia.com/advisories/51040",
152 | "http://secunia.com/advisories/50858",
153 | "http://www.ubuntu.com/usn/USN-1616-1",
154 | "http://secunia.com/advisories/51087",
155 | "http://secunia.com/advisories/51024"
156 | ],
157 | "refmap": {
158 | "apple": [
159 | "APPLE-SA-2011-10-12-3"
160 | ],
161 | "bid": [
162 | "40863"
163 | ],
164 | "confirm": [
165 | "http://bugs.python.org/issue7673",
166 | "http://support.apple.com/kb/HT5002",
167 | "https://bugzilla.redhat.com/show_bug.cgi?id=598197"
168 | ],
169 | "fedora": [
170 | "FEDORA-2010-9652"
171 | ],
172 | "secunia": [
173 | "40194",
174 | "42888",
175 | "43068",
176 | "50858",
177 | "51024",
178 | "51040",
179 | "51087"
180 | ],
181 | "suse": [
182 | "SUSE-SR:2010:024",
183 | "SUSE-SR:2011:002"
184 | ],
185 | "ubuntu": [
186 | "USN-1596-1",
187 | "USN-1613-1",
188 | "USN-1613-2",
189 | "USN-1616-1"
190 | ],
191 | "vupen": [
192 | "ADV-2010-1448",
193 | "ADV-2011-0122",
194 | "ADV-2011-0212"
195 | ]
196 | },
197 | "summary": "The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.",
198 | "vulnerable_configuration": [
199 | {
200 | "id": "cpe:2.3:a:python:python:3.1.0:*:*:*:*:*:*:*",
201 | "title": "cpe:2.3:a:python:python:3.1.0:*:*:*:*:*:*:*"
202 | },
203 | {
204 | "id": "cpe:2.3:a:python:python:3.1.1:*:*:*:*:*:*:*",
205 | "title": "cpe:2.3:a:python:python:3.1.1:*:*:*:*:*:*:*"
206 | },
207 | {
208 | "id": "cpe:2.3:a:python:python:3.1.1:-:*:*:*:*:*:*",
209 | "title": "cpe:2.3:a:python:python:3.1.1:-:*:*:*:*:*:*"
210 | },
211 | {
212 | "id": "cpe:2.3:a:python:python:3.1.1:rc1:*:*:*:*:*:*",
213 | "title": "cpe:2.3:a:python:python:3.1.1:rc1:*:*:*:*:*:*"
214 | },
215 | {
216 | "id": "cpe:2.3:a:python:python:3.1.2:*:*:*:*:*:*:*",
217 | "title": "cpe:2.3:a:python:python:3.1.2:*:*:*:*:*:*:*"
218 | },
219 | {
220 | "id": "cpe:2.3:a:python:python:3.1.2:-:*:*:*:*:*:*",
221 | "title": "cpe:2.3:a:python:python:3.1.2:-:*:*:*:*:*:*"
222 | },
223 | {
224 | "id": "cpe:2.3:a:python:python:3.1.2:rc1:*:*:*:*:*:*",
225 | "title": "cpe:2.3:a:python:python:3.1.2:rc1:*:*:*:*:*:*"
226 | },
227 | {
228 | "id": "cpe:2.3:a:python:python:2.6.0:*:*:*:*:*:*:*",
229 | "title": "cpe:2.3:a:python:python:2.6.0:*:*:*:*:*:*:*"
230 | },
231 | {
232 | "id": "cpe:2.3:a:python:python:2.6.1:*:*:*:*:*:*:*",
233 | "title": "cpe:2.3:a:python:python:2.6.1:*:*:*:*:*:*:*"
234 | },
235 | {
236 | "id": "cpe:2.3:a:python:python:2.6.2:*:*:*:*:*:*:*",
237 | "title": "cpe:2.3:a:python:python:2.6.2:*:*:*:*:*:*:*"
238 | },
239 | {
240 | "id": "cpe:2.3:a:python:python:2.6.3:*:*:*:*:*:*:*",
241 | "title": "cpe:2.3:a:python:python:2.6.3:*:*:*:*:*:*:*"
242 | },
243 | {
244 | "id": "cpe:2.3:a:python:python:2.6.4:*:*:*:*:*:*:*",
245 | "title": "cpe:2.3:a:python:python:2.6.4:*:*:*:*:*:*:*"
246 | },
247 | {
248 | "id": "cpe:2.3:a:python:python:2.6.5:*:*:*:*:*:*:*",
249 | "title": "cpe:2.3:a:python:python:2.6.5:*:*:*:*:*:*:*"
250 | },
251 | {
252 | "id": "cpe:2.3:a:python:python:2.5.0:*:*:*:*:*:*:*",
253 | "title": "cpe:2.3:a:python:python:2.5.0:*:*:*:*:*:*:*"
254 | },
255 | {
256 | "id": "cpe:2.3:a:python:python:2.5.1:*:*:*:*:*:*:*",
257 | "title": "cpe:2.3:a:python:python:2.5.1:*:*:*:*:*:*:*"
258 | },
259 | {
260 | "id": "cpe:2.3:a:python:python:2.5.2:*:*:*:*:*:*:*",
261 | "title": "cpe:2.3:a:python:python:2.5.2:*:*:*:*:*:*:*"
262 | },
263 | {
264 | "id": "cpe:2.3:a:python:python:2.5.3:*:*:*:*:*:*:*",
265 | "title": "cpe:2.3:a:python:python:2.5.3:*:*:*:*:*:*:*"
266 | },
267 | {
268 | "id": "cpe:2.3:a:python:python:2.5.4:*:*:*:*:*:*:*",
269 | "title": "cpe:2.3:a:python:python:2.5.4:*:*:*:*:*:*:*"
270 | },
271 | {
272 | "id": "cpe:2.3:a:python:python:2.5.5:*:*:*:*:*:*:*",
273 | "title": "cpe:2.3:a:python:python:2.5.5:*:*:*:*:*:*:*"
274 | }
275 | ],
276 | "vulnerable_configuration_cpe_2_2": [],
277 | "vulnerable_product": [
278 | "cpe:2.3:a:python:python:3.1.0:*:*:*:*:*:*:*",
279 | "cpe:2.3:a:python:python:3.1.1:*:*:*:*:*:*:*",
280 | "cpe:2.3:a:python:python:3.1.1:-:*:*:*:*:*:*",
281 | "cpe:2.3:a:python:python:3.1.1:rc1:*:*:*:*:*:*",
282 | "cpe:2.3:a:python:python:3.1.2:*:*:*:*:*:*:*",
283 | "cpe:2.3:a:python:python:3.1.2:-:*:*:*:*:*:*",
284 | "cpe:2.3:a:python:python:3.1.2:rc1:*:*:*:*:*:*",
285 | "cpe:2.3:a:python:python:2.6.0:*:*:*:*:*:*:*",
286 | "cpe:2.3:a:python:python:2.6.1:*:*:*:*:*:*:*",
287 | "cpe:2.3:a:python:python:2.6.2:*:*:*:*:*:*:*",
288 | "cpe:2.3:a:python:python:2.6.3:*:*:*:*:*:*:*",
289 | "cpe:2.3:a:python:python:2.6.4:*:*:*:*:*:*:*",
290 | "cpe:2.3:a:python:python:2.6.5:*:*:*:*:*:*:*",
291 | "cpe:2.3:a:python:python:2.5.0:*:*:*:*:*:*:*",
292 | "cpe:2.3:a:python:python:2.5.1:*:*:*:*:*:*:*",
293 | "cpe:2.3:a:python:python:2.5.2:*:*:*:*:*:*:*",
294 | "cpe:2.3:a:python:python:2.5.3:*:*:*:*:*:*:*",
295 | "cpe:2.3:a:python:python:2.5.4:*:*:*:*:*:*:*",
296 | "cpe:2.3:a:python:python:2.5.5:*:*:*:*:*:*:*"
297 | ]
298 | }
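The two audioop entries above (CVE-2010-1634: length arithmetic that wraps on a long fragment; CVE-2010-2089: a size argument never reconciled with the byte string length, so audioop.reverse on a one-byte string reads past the buffer) share one root cause: sample width and fragment length were trusted separately. The C block below is an added example, not CPython's code and not taken from any of the advisories; it mirrors the shape of the checks the fixes needed (width restricted to 1, 2 or 4, length a whole number of samples, and overflow-checked length arithmetic before any allocation), and the same checked-multiply guard applies to the width*height*depth products behind the rgbimg entries (CVE-2009-4134, CVE-2010-1449). All function names and the 32-bit wrap simulation are ours; the sample fragments are constructed.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not CPython's audioop.c. Names are ours. */

/* Reject fragments whose byte length is not a whole number of samples.
 * CVE-2010-2089: reverse(b"\x00", 2) read two bytes from a one-byte buffer
 * because nothing enforced len % width == 0 before the sample loop ran. */
bool audioop_params_ok(size_t len, int width)
{
    if (width != 1 && width != 2 && width != 4)
        return false;
    return len % (size_t)width == 0;
}

/* Overflow-checked a * b for sizes that end up in an int-sized allocation.
 * Returns false when the product would exceed INT_MAX. The same guard
 * belongs in front of image-dimension products such as rgbimg's sizes. */
bool checked_mul_int(size_t a, size_t b, size_t *out)
{
    if (b == 0) {
        *out = 0;
        return true;
    }
    if (a > (size_t)INT_MAX / b)
        return false;
    *out = a * b;
    return true;
}

/* Output length of lin2lin(fragment, width, width2): len / width * width2.
 * Returns 0 for any rejected input so a caller never allocates from a
 * bogus size (an empty fragment also yields 0, which is harmless). */
size_t lin2lin_out_len(size_t len, int width, int width2)
{
    size_t out;
    if (!audioop_params_ok(len, width))
        return 0;
    if (width2 != 1 && width2 != 2 && width2 != 4)
        return 0;
    if (!checked_mul_int(len / (size_t)width, (size_t)width2, &out))
        return 0;
    return out;
}

/* The pre-fix arithmetic in a 32-bit int, with the wrap made explicit via
 * unsigned math so this example itself has no undefined behaviour.
 * CVE-2010-1634: a long first argument makes this wrap to a small or
 * negative value, and the conversion loop then writes past the buffer. */
int32_t unchecked_lin2lin_out_len(int32_t len, int32_t width, int32_t width2)
{
    uint32_t n = (uint32_t)len / (uint32_t)width;
    return (int32_t)(n * (uint32_t)width2);
}

/* reverse() with the parameter check in front: copies whole samples
 * back to front, never reading a partial sample. */
bool reverse_fragment(const unsigned char *in, size_t len, int width,
                      unsigned char *out)
{
    if (!audioop_params_ok(len, width))
        return false;
    size_t w = (size_t)width;
    size_t n = len / w;
    for (size_t i = 0; i < n; i++)
        memcpy(out + i * w, in + (n - 1 - i) * w, w);
    return true;
}

/* Self-check on constructed input: two 16-bit samples {1,2},{3,4} reverse
 * to {3,4,1,2}, and the CVE-2010-2089 one-byte fragment is rejected. */
bool reverse_selfcheck(void)
{
    const unsigned char in[4] = {1, 2, 3, 4};
    const unsigned char want[4] = {3, 4, 1, 2};
    unsigned char out[4] = {0};
    unsigned char one = 0;
    unsigned char scratch[2];
    if (!reverse_fragment(in, sizeof in, 2, out))
        return false;
    if (memcmp(out, want, sizeof want) != 0)
        return false;
    return !reverse_fragment(&one, 1, 2, scratch);
}
```

The check runs before any arithmetic on the length, which is the order that matters: once `len / width * width2` has wrapped, every later bound derived from it is wrong, and a width that is not 1, 2 or 4 makes `len % width` meaningless for the sample loop.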
--------------------------------------------------------------------------------
/cve/CVE-2010-3493.json:
--------------------------------------------------------------------------------
1 | {
2 | "Modified": "2019-10-25T11:53:00",
3 | "Published": "2010-10-19T20:00:00",
4 | "access": {
5 | "authentication": "NONE",
6 | "complexity": "MEDIUM",
7 | "vector": "NETWORK"
8 | },
9 | "assigner": "cve@mitre.org",
10 | "capec": [
11 | {
12 | "id": "26",
13 | "name": "Leveraging Race Conditions",
14 | "prerequisites": "A resource is accessed/modified concurrently by multiple processes such that a race condition exists. The adversary has the ability to modify the resource.",
15 | "related_weakness": [
16 | "362",
17 | "363",
18 | "366",
19 | "368",
20 | "370",
21 | "662",
22 | "665",
23 | "667",
24 | "689"
25 | ],
26 | "solutions": "Use safe libraries to access resources such as files. Be aware that improper use of access function calls such as chown(), tempfile(), chmod(), etc. can cause a race condition. Use synchronization to control the flow of execution. Use static analysis tools to find race conditions. Pay attention to concurrency problems related to the access of resources.",
27 | "summary": "The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by \"running the race\", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with his version and cause the system to read the malicious file."
28 | },
29 | {
30 | "id": "29",
31 | "name": "Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions",
32 | "prerequisites": "A resource is access/modified concurrently by multiple processes. The adversary is able to modify resource. A race condition exists while accessing a resource.",
33 | "related_weakness": [
34 | "362",
35 | "366",
36 | "367",
37 | "368",
38 | "370",
39 | "662",
40 | "663",
41 | "665",
42 | "691"
43 | ],
44 | "solutions": "Use safe libraries to access resources such as files. Be aware that improper use of access function calls such as chown(), tempfile(), chmod(), etc. can cause a race condition. Use synchronization to control the flow of execution. Use static analysis tools to find race conditions. Pay attention to concurrency problems related to the access of resources.",
45 | "summary": "This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by \"running the race\", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly."
46 | }
47 | ],
48 | "cvss": 4.3,
49 | "cvss-time": "2019-10-25T11:53:00",
50 | "cvss-vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
51 | "cwe": "CWE-362",
52 | "id": "CVE-2010-3493",
53 | "impact": {
54 | "availability": "PARTIAL",
55 | "confidentiality": "NONE",
56 | "integrity": "NONE"
57 | },
58 | "last-modified": "2019-10-25T11:53:00",
59 | "oval": [
60 | {
61 | "accepted": "2013-11-14T10:21:28.623-05:00",
62 | "class": "vulnerability",
63 | "contributors": [
64 | {
65 | "name": "SecPod Team",
66 | "organization": "SecPod Technologies"
67 | },
68 | {
69 | "name": "Shane Shaffer",
70 | "organization": "G2, Inc."
71 | },
72 | {
73 | "name": "Shane Shaffer",
74 | "organization": "G2, Inc."
75 | },
76 | {
77 | "name": "Maria Kedovskaya",
78 | "organization": "ALTX-SOFT"
79 | },
80 | {
81 | "name": "Maria Kedovskaya",
82 | "organization": "ALTX-SOFT"
83 | },
84 | {
85 | "name": "Maria Kedovskaya",
86 | "organization": "ALTX-SOFT"
87 | },
88 | {
89 | "name": "Maria Kedovskaya",
90 | "organization": "ALTX-SOFT"
91 | }
92 | ],
93 | "definition_extensions": [
94 | {
95 | "comment": "Python is installed",
96 | "oval": "oval:org.mitre.oval:def:11791"
97 | }
98 | ],
99 | "description": "Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492.",
100 | "family": "windows",
101 | "id": "oval:org.mitre.oval:def:12210",
102 | "status": "accepted",
103 | "submitted": "2010-11-18T10:50:19",
104 | "title": "Vulnerability in smtpd module in Python 2.6, 2.7, 3.1 and 3.2 alpha",
105 | "version": "85"
106 | }
107 | ],
108 | "redhat": {
109 | "rpms": [
110 | "python-0:2.3.4-14.10.el4",
111 | "python-debuginfo-0:2.3.4-14.10.el4",
112 | "python-devel-0:2.3.4-14.10.el4",
113 | "python-docs-0:2.3.4-14.10.el4",
114 | "python-tools-0:2.3.4-14.10.el4",
115 | "tkinter-0:2.3.4-14.10.el4",
116 | "python-0:2.4.3-44.el5",
117 | "python-debuginfo-0:2.4.3-44.el5",
118 | "python-devel-0:2.4.3-44.el5",
119 | "python-libs-0:2.4.3-44.el5",
120 | "python-tools-0:2.4.3-44.el5",
121 | "tkinter-0:2.4.3-44.el5",
122 | "python-0:2.6.6-20.el6",
123 | "python-debuginfo-0:2.6.6-20.el6",
124 | "python-devel-0:2.6.6-20.el6",
125 | "python-docs-0:2.6.6-2.el6",
126 | "python-libs-0:2.6.6-20.el6",
127 | "python-test-0:2.6.6-20.el6",
128 | "python-tools-0:2.6.6-20.el6",
129 | "tkinter-0:2.6.6-20.el6"
130 | ]
131 | },
132 | "references": [
133 | "http://bugs.python.org/issue6706",
134 | "http://bugs.python.org/issue9129",
135 | "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html",
136 | "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html",
137 | "http://secunia.com/advisories/43068",
138 | "http://secunia.com/advisories/50858",
139 | "http://secunia.com/advisories/51024",
140 | "http://secunia.com/advisories/51040",
141 | "http://svn.python.org/view/python/branches/py3k/Lib/smtpd.py?r1=84289&r2=84288&pathrev=84289",
142 | "http://svn.python.org/view?view=rev&revision=84289",
143 | "http://www.mandriva.com/security/advisories?name=MDVSA-2010:215",
144 | "http://www.mandriva.com/security/advisories?name=MDVSA-2010:216",
145 | "http://www.openwall.com/lists/oss-security/2010/09/09/6",
146 | "http://www.openwall.com/lists/oss-security/2010/09/11/2",
147 | "http://www.openwall.com/lists/oss-security/2010/09/22/3",
148 | "http://www.openwall.com/lists/oss-security/2010/09/24/3",
149 | "http://www.securityfocus.com/bid/44533",
150 | "http://www.ubuntu.com/usn/USN-1596-1",
151 | "http://www.ubuntu.com/usn/USN-1613-1",
152 | "http://www.ubuntu.com/usn/USN-1613-2",
153 | "http://www.vupen.com/english/advisories/2011/0212",
154 | "https://bugs.launchpad.net/zodb/+bug/135108",
155 | "https://bugzilla.redhat.com/show_bug.cgi?id=632200",
156 | "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12210"
157 | ],
158 | "refmap": {
159 | "bid": [
160 | "44533"
161 | ],
162 | "confirm": [
163 | "http://bugs.python.org/issue9129",
164 | "http://svn.python.org/view/python/branches/py3k/Lib/smtpd.py?r1=84289&r2=84288&pathrev=84289",
165 | "http://svn.python.org/view?view=rev&revision=84289",
166 | "https://bugzilla.redhat.com/show_bug.cgi?id=632200"
167 | ],
168 | "mandriva": [
169 | "MDVSA-2010:215",
170 | "MDVSA-2010:216"
171 | ],
172 | "misc": [
173 | "http://bugs.python.org/issue6706",
174 | "https://bugs.launchpad.net/zodb/+bug/135108"
175 | ],
176 | "mlist": [
177 | "[oss-security] 20100909 CVE Request -- Python -- accept() implementation in async core is broken => more subcases",
178 | "[oss-security] 20100910 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases",
179 | "[oss-security] 20100922 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases",
180 | "[oss-security] 20100924 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases"
181 | ],
182 | "secunia": [
183 | "43068",
184 | "50858",
185 | "51024",
186 | "51040"
187 | ],
188 | "suse": [
189 | "SUSE-SR:2010:024",
190 | "SUSE-SR:2011:002"
191 | ],
192 | "ubuntu": [
193 | "USN-1596-1",
194 | "USN-1613-1",
195 | "USN-1613-2"
196 | ],
197 | "vupen": [
198 | "ADV-2011-0212"
199 | ]
200 | },
201 | "summary": "Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492.",
202 | "vulnerable_configuration": [
203 | {
204 | "id": "cpe:2.3:a:python:python:3.1:*:*:*:*:*:*:*",
205 | "title": "cpe:2.3:a:python:python:3.1:*:*:*:*:*:*:*"
206 | },
207 | {
208 | "id": "cpe:2.3:a:python:python:3.2:alpha:*:*:*:*:*:*",
209 | "title": "cpe:2.3:a:python:python:3.2:alpha:*:*:*:*:*:*"
210 | }
211 | ],
212 | "vulnerable_configuration_cpe_2_2": [],
213 | "vulnerable_product": [
214 | "cpe:2.3:a:python:python:3.1:*:*:*:*:*:*:*",
215 | "cpe:2.3:a:python:python:3.2:alpha:*:*:*:*:*:*"
216 | ]
217 | }
--------------------------------------------------------------------------------
/cve/CVE-2012-2135.json:
--------------------------------------------------------------------------------
1 | {
2 | "Modified": "2022-07-28T12:36:00",
3 | "Published": "2012-08-14T22:55:00",
4 | "access": {
5 | "authentication": "NONE",
6 | "complexity": "LOW",
7 | "vector": "NETWORK"
8 | },
9 | "assigner": "secalert@redhat.com",
10 | "capec": [],
11 | "cvss": 6.4,
12 | "cvss-time": "2022-07-28T12:36:00",
13 | "cvss-vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
14 | "cwe": "NVD-CWE-Other",
15 | "id": "CVE-2012-2135",
16 | "impact": {
17 | "availability": "PARTIAL",
18 | "confidentiality": "PARTIAL",
19 | "integrity": "NONE"
20 | },
21 | "last-modified": "2022-07-28T12:36:00",
22 | "references": [
23 | "http://bugs.python.org/issue14579",
24 | "http://www.openwall.com/lists/oss-security/2012/04/25/4",
25 | "http://www.openwall.com/lists/oss-security/2012/04/25/2",
26 | "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670389",
27 | "http://www.ubuntu.com/usn/USN-1615-1",
28 | "http://secunia.com/advisories/51089",
29 | "http://www.ubuntu.com/usn/USN-1616-1",
30 | "http://secunia.com/advisories/51087"
31 | ],
32 | "refmap": {
33 | "misc": [
34 | "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670389",
35 | "http://bugs.python.org/issue14579"
36 | ],
37 | "mlist": [
38 | "[oss-security] 20120425 CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated",
39 | "[oss-security] 20120425 Re: CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated"
40 | ],
41 | "secunia": [
42 | "51087",
43 | "51089"
44 | ],
45 | "ubuntu": [
46 | "USN-1615-1",
47 | "USN-1616-1"
48 | ]
49 | },
50 | "summary": "The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors.",
51 | "vulnerable_configuration": [
52 | {
53 | "id": "cpe:2.3:a:python:python:2.7.0:*:*:*:*:*:*:*",
54 | "title": "cpe:2.3:a:python:python:2.7.0:*:*:*:*:*:*:*"
55 | },
56 | {
57 | "id": "cpe:2.3:a:python:python:2.7.1:*:*:*:*:*:*:*",
58 | "title": "cpe:2.3:a:python:python:2.7.1:*:*:*:*:*:*:*"
59 | },
60 | {
61 | "id": "cpe:2.3:a:python:python:2.7.1:-:*:*:*:*:*:*",
62 | "title": "cpe:2.3:a:python:python:2.7.1:-:*:*:*:*:*:*"
63 | },
64 | {
65 | "id": "cpe:2.3:a:python:python:2.7.1:rc1:*:*:*:*:*:*",
66 | "title": "cpe:2.3:a:python:python:2.7.1:rc1:*:*:*:*:*:*"
67 | },
68 | {
69 | "id": "cpe:2.3:a:python:python:2.7.2:*:*:*:*:*:*:*",
70 | "title": "cpe:2.3:a:python:python:2.7.2:*:*:*:*:*:*:*"
71 | },
72 | {
73 | "id": "cpe:2.3:a:python:python:2.7.2:-:*:*:*:*:*:*",
74 | "title": "cpe:2.3:a:python:python:2.7.2:-:*:*:*:*:*:*"
75 | },
76 | {
77 | "id": "cpe:2.3:a:python:python:2.7.2:rc1:*:*:*:*:*:*",
78 | "title": "cpe:2.3:a:python:python:2.7.2:rc1:*:*:*:*:*:*"
79 | },
80 | {
81 | "id": "cpe:2.3:a:python:python:2.7.3:*:*:*:*:*:*:*",
82 | "title": "cpe:2.3:a:python:python:2.7.3:*:*:*:*:*:*:*"
83 | },
84 | {
85 | "id": "cpe:2.3:a:python:python:2.7.3:-:*:*:*:*:*:*",
86 | "title": "cpe:2.3:a:python:python:2.7.3:-:*:*:*:*:*:*"
87 | },
88 | {
89 | "id": "cpe:2.3:a:python:python:2.7.3:rc1:*:*:*:*:*:*",
90 | "title": "cpe:2.3:a:python:python:2.7.3:rc1:*:*:*:*:*:*"
91 | },
92 | {
93 | "id": "cpe:2.3:a:python:python:2.7.3:rc2:*:*:*:*:*:*",
94 | "title": "cpe:2.3:a:python:python:2.7.3:rc2:*:*:*:*:*:*"
95 | },
96 | {
97 | "id": "cpe:2.3:a:python:python:2.7.4:*:*:*:*:*:*:*",
98 | "title": "cpe:2.3:a:python:python:2.7.4:*:*:*:*:*:*:*"
99 | },
100 | {
101 | "id": "cpe:2.3:a:python:python:2.7.4:-:*:*:*:*:*:*",
102 | "title": "cpe:2.3:a:python:python:2.7.4:-:*:*:*:*:*:*"
103 | },
104 | {
105 | "id": "cpe:2.3:a:python:python:2.7.4:rc1:*:*:*:*:*:*",
106 | "title": "cpe:2.3:a:python:python:2.7.4:rc1:*:*:*:*:*:*"
107 | },
108 | {
109 | "id": "cpe:2.3:a:python:python:2.7.5:*:*:*:*:*:*:*",
110 | "title": "cpe:2.3:a:python:python:2.7.5:*:*:*:*:*:*:*"
111 | },
112 | {
113 | "id": "cpe:2.3:a:python:python:2.7.6:*:*:*:*:*:*:*",
114 | "title": "cpe:2.3:a:python:python:2.7.6:*:*:*:*:*:*:*"
115 | },
116 | {
117 | "id": "cpe:2.3:a:python:python:2.7.6:-:*:*:*:*:*:*",
118 | "title": "cpe:2.3:a:python:python:2.7.6:-:*:*:*:*:*:*"
119 | },
120 | {
121 | "id": "cpe:2.3:a:python:python:2.7.6:rc1:*:*:*:*:*:*",
122 | "title": "cpe:2.3:a:python:python:2.7.6:rc1:*:*:*:*:*:*"
123 | },
124 | {
125 | "id": "cpe:2.3:a:python:python:2.7.7:*:*:*:*:*:*:*",
126 | "title": "cpe:2.3:a:python:python:2.7.7:*:*:*:*:*:*:*"
127 | },
128 | {
129 | "id": "cpe:2.3:a:python:python:2.7.7:-:*:*:*:*:*:*",
130 | "title": "cpe:2.3:a:python:python:2.7.7:-:*:*:*:*:*:*"
131 | },
132 | {
133 | "id": "cpe:2.3:a:python:python:2.7.7:rc1:*:*:*:*:*:*",
134 | "title": "cpe:2.3:a:python:python:2.7.7:rc1:*:*:*:*:*:*"
135 | },
136 | {
137 | "id": "cpe:2.3:a:python:python:3.3.0:*:*:*:*:*:*:*",
138 | "title": "cpe:2.3:a:python:python:3.3.0:*:*:*:*:*:*:*"
139 | },
140 | {
141 | "id": "cpe:2.3:a:python:python:3.3.0:-:*:*:*:*:*:*",
142 | "title": "cpe:2.3:a:python:python:3.3.0:-:*:*:*:*:*:*"
143 | },
144 | {
145 | "id": "cpe:2.3:a:python:python:3.3.0:alpha1:*:*:*:*:*:*",
146 | "title": "cpe:2.3:a:python:python:3.3.0:alpha1:*:*:*:*:*:*"
147 | },
148 | {
149 | "id": "cpe:2.3:a:python:python:3.3.0:alpha2:*:*:*:*:*:*",
150 | "title": "cpe:2.3:a:python:python:3.3.0:alpha2:*:*:*:*:*:*"
151 | },
152 | {
153 | "id": "cpe:2.3:a:python:python:3.3.0:alpha3:*:*:*:*:*:*",
154 | "title": "cpe:2.3:a:python:python:3.3.0:alpha3:*:*:*:*:*:*"
155 | },
156 | {
157 | "id": "cpe:2.3:a:python:python:3.3.0:alpha4:*:*:*:*:*:*",
158 | "title": "cpe:2.3:a:python:python:3.3.0:alpha4:*:*:*:*:*:*"
159 | },
160 | {
161 | "id": "cpe:2.3:a:python:python:3.3.0:beta1:*:*:*:*:*:*",
162 | "title": "cpe:2.3:a:python:python:3.3.0:beta1:*:*:*:*:*:*"
163 | },
164 | {
165 | "id": "cpe:2.3:a:python:python:3.3.0:beta2:*:*:*:*:*:*",
166 | "title": "cpe:2.3:a:python:python:3.3.0:beta2:*:*:*:*:*:*"
167 | },
168 | {
169 | "id": "cpe:2.3:a:python:python:3.3.0:rc1:*:*:*:*:*:*",
170 | "title": "cpe:2.3:a:python:python:3.3.0:rc1:*:*:*:*:*:*"
171 | },
172 | {
173 | "id": "cpe:2.3:a:python:python:3.3.0:rc2:*:*:*:*:*:*",
174 | "title": "cpe:2.3:a:python:python:3.3.0:rc2:*:*:*:*:*:*"
175 | },
176 | {
177 | "id": "cpe:2.3:a:python:python:3.3.0:rc3:*:*:*:*:*:*",
178 | "title": "cpe:2.3:a:python:python:3.3.0:rc3:*:*:*:*:*:*"
179 | },
180 | {
181 | "id": "cpe:2.3:a:python:python:3.3.1:*:*:*:*:*:*:*",
182 | "title": "cpe:2.3:a:python:python:3.3.1:*:*:*:*:*:*:*"
183 | },
184 | {
185 | "id": "cpe:2.3:a:python:python:3.3.1:-:*:*:*:*:*:*",
186 | "title": "cpe:2.3:a:python:python:3.3.1:-:*:*:*:*:*:*"
187 | },
188 | {
189 | "id": "cpe:2.3:a:python:python:3.3.1:rc1:*:*:*:*:*:*",
190 | "title": "cpe:2.3:a:python:python:3.3.1:rc1:*:*:*:*:*:*"
191 | },
192 | {
193 | "id": "cpe:2.3:a:python:python:3.3.2:*:*:*:*:*:*:*",
194 | "title": "cpe:2.3:a:python:python:3.3.2:*:*:*:*:*:*:*"
195 | },
196 | {
197 | "id": "cpe:2.3:a:python:python:3.3.2:-:*:*:*:*:*:*",
198 | "title": "cpe:2.3:a:python:python:3.3.2:-:*:*:*:*:*:*"
199 | },
200 | {
201 | "id": "cpe:2.3:a:python:python:3.2.0:*:*:*:*:*:*:*",
202 | "title": "cpe:2.3:a:python:python:3.2.0:*:*:*:*:*:*:*"
203 | },
204 | {
205 | "id": "cpe:2.3:a:python:python:3.2.1:*:*:*:*:*:*:*",
206 | "title": "cpe:2.3:a:python:python:3.2.1:*:*:*:*:*:*:*"
207 | },
208 | {
209 | "id": "cpe:2.3:a:python:python:3.2.1:-:*:*:*:*:*:*",
210 | "title": "cpe:2.3:a:python:python:3.2.1:-:*:*:*:*:*:*"
211 | },
212 | {
213 | "id": "cpe:2.3:a:python:python:3.2.1:beta1:*:*:*:*:*:*",
214 | "title": "cpe:2.3:a:python:python:3.2.1:beta1:*:*:*:*:*:*"
215 | },
216 | {
217 | "id": "cpe:2.3:a:python:python:3.2.1:rc1:*:*:*:*:*:*",
218 | "title": "cpe:2.3:a:python:python:3.2.1:rc1:*:*:*:*:*:*"
219 | },
220 | {
221 | "id": "cpe:2.3:a:python:python:3.2.1:rc2:*:*:*:*:*:*",
222 | "title": "cpe:2.3:a:python:python:3.2.1:rc2:*:*:*:*:*:*"
223 | },
224 | {
225 | "id": "cpe:2.3:a:python:python:3.2.2:*:*:*:*:*:*:*",
226 | "title": "cpe:2.3:a:python:python:3.2.2:*:*:*:*:*:*:*"
227 | },
228 | {
229 | "id": "cpe:2.3:a:python:python:3.2.2:-:*:*:*:*:*:*",
230 | "title": "cpe:2.3:a:python:python:3.2.2:-:*:*:*:*:*:*"
231 | },
232 | {
233 | "id": "cpe:2.3:a:python:python:3.2.2:rc1:*:*:*:*:*:*",
234 | "title": "cpe:2.3:a:python:python:3.2.2:rc1:*:*:*:*:*:*"
235 | },
236 | {
237 | "id": "cpe:2.3:a:python:python:3.2.3:*:*:*:*:*:*:*",
238 | "title": "cpe:2.3:a:python:python:3.2.3:*:*:*:*:*:*:*"
239 | },
240 | {
241 | "id": "cpe:2.3:a:python:python:3.2.3:-:*:*:*:*:*:*",
242 | "title": "cpe:2.3:a:python:python:3.2.3:-:*:*:*:*:*:*"
243 | },
244 | {
245 | "id": "cpe:2.3:a:python:python:3.2.3:rc1:*:*:*:*:*:*",
246 | "title": "cpe:2.3:a:python:python:3.2.3:rc1:*:*:*:*:*:*"
247 | },
248 | {
249 | "id": "cpe:2.3:a:python:python:3.2.3:rc2:*:*:*:*:*:*",
250 | "title": "cpe:2.3:a:python:python:3.2.3:rc2:*:*:*:*:*:*"
251 | },
252 | {
253 | "id": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
254 | "title": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*"
255 | },
256 | {
257 | "id": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
258 | "title": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*"
259 | },
260 | {
261 | "id": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
262 | "title": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*"
263 | },
264 | {
265 | "id": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
266 | "title": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*"
267 | },
268 | {
269 | "id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
270 | "title": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*"
271 | },
272 | {
273 | "id": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
274 | "title": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*"
275 | }
276 | ],
277 | "vulnerable_configuration_cpe_2_2": [],
278 | "vulnerable_product": [
279 | "cpe:2.3:a:python:python:2.7.0:*:*:*:*:*:*:*",
280 | "cpe:2.3:a:python:python:2.7.1:*:*:*:*:*:*:*",
281 | "cpe:2.3:a:python:python:2.7.1:-:*:*:*:*:*:*",
282 | "cpe:2.3:a:python:python:2.7.1:rc1:*:*:*:*:*:*",
283 | "cpe:2.3:a:python:python:2.7.2:*:*:*:*:*:*:*",
284 | "cpe:2.3:a:python:python:2.7.2:-:*:*:*:*:*:*",
285 | "cpe:2.3:a:python:python:2.7.2:rc1:*:*:*:*:*:*",
286 | "cpe:2.3:a:python:python:2.7.3:*:*:*:*:*:*:*",
287 | "cpe:2.3:a:python:python:2.7.3:-:*:*:*:*:*:*",
288 | "cpe:2.3:a:python:python:2.7.3:rc1:*:*:*:*:*:*",
289 | "cpe:2.3:a:python:python:2.7.3:rc2:*:*:*:*:*:*",
290 | "cpe:2.3:a:python:python:2.7.4:*:*:*:*:*:*:*",
291 | "cpe:2.3:a:python:python:2.7.4:-:*:*:*:*:*:*",
292 | "cpe:2.3:a:python:python:2.7.4:rc1:*:*:*:*:*:*",
293 | "cpe:2.3:a:python:python:2.7.5:*:*:*:*:*:*:*",
294 | "cpe:2.3:a:python:python:2.7.6:*:*:*:*:*:*:*",
295 | "cpe:2.3:a:python:python:2.7.6:-:*:*:*:*:*:*",
296 | "cpe:2.3:a:python:python:2.7.6:rc1:*:*:*:*:*:*",
297 | "cpe:2.3:a:python:python:2.7.7:*:*:*:*:*:*:*",
298 | "cpe:2.3:a:python:python:2.7.7:-:*:*:*:*:*:*",
299 | "cpe:2.3:a:python:python:2.7.7:rc1:*:*:*:*:*:*",
300 | "cpe:2.3:a:python:python:3.3.0:*:*:*:*:*:*:*",
301 | "cpe:2.3:a:python:python:3.3.0:-:*:*:*:*:*:*",
302 | "cpe:2.3:a:python:python:3.3.0:alpha1:*:*:*:*:*:*",
303 | "cpe:2.3:a:python:python:3.3.0:alpha2:*:*:*:*:*:*",
304 | "cpe:2.3:a:python:python:3.3.0:alpha3:*:*:*:*:*:*",
305 | "cpe:2.3:a:python:python:3.3.0:alpha4:*:*:*:*:*:*",
306 | "cpe:2.3:a:python:python:3.3.0:beta1:*:*:*:*:*:*",
307 | "cpe:2.3:a:python:python:3.3.0:beta2:*:*:*:*:*:*",
308 | "cpe:2.3:a:python:python:3.3.0:rc1:*:*:*:*:*:*",
309 | "cpe:2.3:a:python:python:3.3.0:rc2:*:*:*:*:*:*",
310 | "cpe:2.3:a:python:python:3.3.0:rc3:*:*:*:*:*:*",
311 | "cpe:2.3:a:python:python:3.3.1:*:*:*:*:*:*:*",
312 | "cpe:2.3:a:python:python:3.3.1:-:*:*:*:*:*:*",
313 | "cpe:2.3:a:python:python:3.3.1:rc1:*:*:*:*:*:*",
314 | "cpe:2.3:a:python:python:3.3.2:*:*:*:*:*:*:*",
315 | "cpe:2.3:a:python:python:3.3.2:-:*:*:*:*:*:*",
316 | "cpe:2.3:a:python:python:3.2.0:*:*:*:*:*:*:*",
317 | "cpe:2.3:a:python:python:3.2.1:*:*:*:*:*:*:*",
318 | "cpe:2.3:a:python:python:3.2.1:-:*:*:*:*:*:*",
319 | "cpe:2.3:a:python:python:3.2.1:beta1:*:*:*:*:*:*",
320 | "cpe:2.3:a:python:python:3.2.1:rc1:*:*:*:*:*:*",
321 | "cpe:2.3:a:python:python:3.2.1:rc2:*:*:*:*:*:*",
322 | "cpe:2.3:a:python:python:3.2.2:*:*:*:*:*:*:*",
323 | "cpe:2.3:a:python:python:3.2.2:-:*:*:*:*:*:*",
324 | "cpe:2.3:a:python:python:3.2.2:rc1:*:*:*:*:*:*",
325 | "cpe:2.3:a:python:python:3.2.3:*:*:*:*:*:*:*",
326 | "cpe:2.3:a:python:python:3.2.3:-:*:*:*:*:*:*",
327 | "cpe:2.3:a:python:python:3.2.3:rc1:*:*:*:*:*:*",
328 | "cpe:2.3:a:python:python:3.2.3:rc2:*:*:*:*:*:*",
329 | "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
330 | "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
331 | "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
332 | "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
333 | "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
334 | "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*"
335 | ]
336 | }
--------------------------------------------------------------------------------
/cve/CVE-2013-1752.json:
--------------------------------------------------------------------------------
1 | {
2 | "Modified": "2019-06-03T20:15:00",
3 | "Published": "2019-06-03T20:15:00",
4 | "access": {},
5 | "assigner": "cve@mitre.org",
6 | "cvss": 5.0,
7 | "cwe": "Unknown",
8 | "id": "CVE-2013-1752",
9 | "impact": {},
10 | "last-modified": "2019-06-03T20:15:00",
11 | "redhat": {
12 | "rpms": [
13 | "python27-0:1.1-17.el6",
14 | "python27-0:1.1-20.el7",
15 | "python27-python-0:2.7.8-3.el6",
16 | "python27-python-0:2.7.8-3.el7",
17 | "python27-python-debug-0:2.7.8-3.el6",
18 | "python27-python-debug-0:2.7.8-3.el7",
19 | "python27-python-debuginfo-0:2.7.8-3.el6",
20 | "python27-python-debuginfo-0:2.7.8-3.el7",
21 | "python27-python-devel-0:2.7.8-3.el6",
22 | "python27-python-devel-0:2.7.8-3.el7",
23 | "python27-python-libs-0:2.7.8-3.el6",
24 | "python27-python-libs-0:2.7.8-3.el7",
25 | "python27-python-pip-0:1.5.6-5.el6",
26 | "python27-python-pip-0:1.5.6-5.el7",
27 | "python27-python-setuptools-0:0.9.8-3.el6",
28 | "python27-python-setuptools-0:0.9.8-5.el7",
29 | "python27-python-simplejson-0:3.2.0-2.el6",
30 | "python27-python-simplejson-0:3.2.0-3.el7",
31 | "python27-python-simplejson-debuginfo-0:3.2.0-2.el6",
32 | "python27-python-simplejson-debuginfo-0:3.2.0-3.el7",
33 | "python27-python-test-0:2.7.8-3.el6",
34 | "python27-python-test-0:2.7.8-3.el7",
35 | "python27-python-tools-0:2.7.8-3.el6",
36 | "python27-python-tools-0:2.7.8-3.el7",
37 | "python27-python-wheel-0:0.24.0-2.el6",
38 | "python27-python-wheel-0:0.24.0-2.el7",
39 | "python27-runtime-0:1.1-17.el6",
40 | "python27-runtime-0:1.1-20.el7",
41 | "python27-scldevel-0:1.1-17.el6",
42 | "python27-scldevel-0:1.1-20.el7",
43 | "python27-tkinter-0:2.7.8-3.el6",
44 | "python27-tkinter-0:2.7.8-3.el7",
45 | "python-0:2.6.6-64.el6",
46 | "python-debuginfo-0:2.6.6-64.el6",
47 | "python-devel-0:2.6.6-64.el6",
48 | "python-libs-0:2.6.6-64.el6",
49 | "python-test-0:2.6.6-64.el6",
50 | "python-tools-0:2.6.6-64.el6",
51 | "tkinter-0:2.6.6-64.el6",
52 | "python-0:2.7.5-34.el7",
53 | "python-debug-0:2.7.5-34.el7",
54 | "python-debuginfo-0:2.7.5-34.el7",
55 | "python-devel-0:2.7.5-34.el7",
56 | "python-libs-0:2.7.5-34.el7",
57 | "python-test-0:2.7.5-34.el7",
58 | "python-tools-0:2.7.5-34.el7",
59 | "tkinter-0:2.7.5-34.el7"
60 | ]
61 | },
62 | "references": [],
63 | "refmap": {
64 | "misc": [
65 | "https://www.openwall.com/lists/oss-security/2013/12/27/9"
66 | ]
67 | },
68 | "summary": "** REJECT ** Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service (memory consumption) via a long string, related to (1) httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; (2) ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; (3) imaplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; (4) nntplib - fixed in 2.7.6, 2.6.9, 3.3.3; (5) poplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; and (6) smtplib - not yet fixed in 2.7.x, fixed in 2.6.9, not yet fixed in 3.3.x. NOTE: this was REJECTed because it is incompatible with CNT1 \"Independently Fixable\" in the CVE Counting Decisions.",
69 | "vulnerable_configuration": [],
70 | "vulnerable_configuration_cpe_2_2": [],
71 | "vulnerable_product": []
72 | }
--------------------------------------------------------------------------------
/cve/CVE-2014-2667.json:
--------------------------------------------------------------------------------
1 | {
2 | "Modified": "2017-07-01T01:29:00",
3 | "Published": "2014-11-16T01:59:00",
4 | "access": {
5 | "authentication": "NONE",
6 | "complexity": "MEDIUM",
7 | "vector": "LOCAL"
8 | },
9 | "assigner": "cve@mitre.org",
10 | "capec": [
11 | {
12 | "id": "26",
13 | "name": "Leveraging Race Conditions",
14 | "prerequisites": "A resource is accessed/modified concurrently by multiple processes such that a race condition exists. The adversary has the ability to modify the resource.",
15 | "related_weakness": [
16 | "362",
17 | "363",
18 | "366",
19 | "368",
20 | "370",
21 | "662",
22 | "665",
23 | "667",
24 | "689"
25 | ],
26 | "solutions": "Use safe libraries to access resources such as files. Be aware that improper use of access function calls such as chown(), tempfile(), chmod(), etc. can cause a race condition. Use synchronization to control the flow of execution. Use static analysis tools to find race conditions. Pay attention to concurrency problems related to the access of resources.",
27 | "summary": "The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by \"running the race\", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with his version and cause the system to read the malicious file."
28 | },
29 | {
30 | "id": "29",
31 | "name": "Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions",
32 | "prerequisites": "A resource is access/modified concurrently by multiple processes. The adversary is able to modify resource. A race condition exists while accessing a resource.",
33 | "related_weakness": [
34 | "362",
35 | "366",
36 | "367",
37 | "368",
38 | "370",
39 | "662",
40 | "663",
41 | "665",
42 | "691"
43 | ],
44 | "solutions": "Use safe libraries to access resources such as files. Be aware that improper use of access function calls such as chown(), tempfile(), chmod(), etc. can cause a race condition. Use synchronization to control the flow of execution. Use static analysis tools to find race conditions. Pay attention to concurrency problems related to the access of resources.",
45 | "summary": "This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by \"running the race\", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly."
46 | }
47 | ],
48 | "cvss": 3.3,
49 | "cvss-time": "2017-07-01T01:29:00",
50 | "cvss-vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
51 | "cwe": "CWE-362",
52 | "id": "CVE-2014-2667",
53 | "impact": {
54 | "availability": "NONE",
55 | "confidentiality": "PARTIAL",
56 | "integrity": "PARTIAL"
57 | },
58 | "last-modified": "2017-07-01T01:29:00",
59 | "references": [
60 | "http://bugs.python.org/issue21082",
61 | "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html",
62 | "http://lists.opensuse.org/opensuse-updates/2014-05/msg00007.html",
63 | "http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html",
64 | "http://www.openwall.com/lists/oss-security/2014/03/28/15",
65 | "http://www.openwall.com/lists/oss-security/2014/03/29/5",
66 | "http://www.openwall.com/lists/oss-security/2014/03/30/4",
67 | "https://security.gentoo.org/glsa/201503-10"
68 | ],
69 | "refmap": {
70 | "confirm": [
71 | "http://bugs.python.org/issue21082"
72 | ],
73 | "gentoo": [
74 | "GLSA-201503-10"
75 | ],
76 | "mlist": [
77 | "[oss-security] 20140328 CVE request: os.makedirs(exist_ok=True) is not thread-safe in Python",
78 | "[oss-security] 20140329 Re: [PSRT] CVE request: os.makedirs(exist_ok=True) is not thread-safe in Python",
79 | "[oss-security] 20140330 Re: CVE request: os.makedirs(exist_ok=True) is not thread-safe in Python"
80 | ],
81 | "suse": [
82 | "openSUSE-SU-2014:0596",
83 | "openSUSE-SU-2014:0597",
84 | "openSUSE-SU-2020:0086"
85 | ]
86 | },
87 | "summary": "Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.",
88 | "vulnerable_configuration": [
89 | {
90 | "id": "cpe:2.3:a:python:python:3.2.0:*:*:*:*:*:*:*",
91 | "title": "cpe:2.3:a:python:python:3.2.0:*:*:*:*:*:*:*"
92 | },
93 | {
94 | "id": "cpe:2.3:a:python:python:3.2.1:*:*:*:*:*:*:*",
95 | "title": "cpe:2.3:a:python:python:3.2.1:*:*:*:*:*:*:*"
96 | },
97 | {
98 | "id": "cpe:2.3:a:python:python:3.2.2:*:*:*:*:*:*:*",
99 | "title": "cpe:2.3:a:python:python:3.2.2:*:*:*:*:*:*:*"
100 | },
101 | {
102 | "id": "cpe:2.3:a:python:python:3.2.3:*:*:*:*:*:*:*",
103 | "title": "cpe:2.3:a:python:python:3.2.3:*:*:*:*:*:*:*"
104 | },
105 | {
106 | "id": "cpe:2.3:a:python:python:3.2.4:*:*:*:*:*:*:*",
107 | "title": "cpe:2.3:a:python:python:3.2.4:*:*:*:*:*:*:*"
108 | },
109 | {
110 | "id": "cpe:2.3:a:python:python:3.2.5:*:*:*:*:*:*:*",
111 | "title": "cpe:2.3:a:python:python:3.2.5:*:*:*:*:*:*:*"
112 | },
113 | {
114 | "id": "cpe:2.3:a:python:python:3.2.6:*:*:*:*:*:*:*",
115 | "title": "cpe:2.3:a:python:python:3.2.6:*:*:*:*:*:*:*"
116 | },
117 | {
118 | "id": "cpe:2.3:a:python:python:3.3.0:*:*:*:*:*:*:*",
119 | "title": "cpe:2.3:a:python:python:3.3.0:*:*:*:*:*:*:*"
120 | },
121 | {
122 | "id": "cpe:2.3:a:python:python:3.3.1:*:*:*:*:*:*:*",
123 | "title": "cpe:2.3:a:python:python:3.3.1:*:*:*:*:*:*:*"
124 | },
125 | {
126 | "id": "cpe:2.3:a:python:python:3.3.2:*:*:*:*:*:*:*",
127 | "title": "cpe:2.3:a:python:python:3.3.2:*:*:*:*:*:*:*"
128 | },
129 | {
130 | "id": "cpe:2.3:a:python:python:3.3.3:*:*:*:*:*:*:*",
131 | "title": "cpe:2.3:a:python:python:3.3.3:*:*:*:*:*:*:*"
132 | },
133 | {
134 | "id": "cpe:2.3:a:python:python:3.3.4:*:*:*:*:*:*:*",
135 | "title": "cpe:2.3:a:python:python:3.3.4:*:*:*:*:*:*:*"
136 | },
137 | {
138 | "id": "cpe:2.3:a:python:python:3.3.5:*:*:*:*:*:*:*",
139 | "title": "cpe:2.3:a:python:python:3.3.5:*:*:*:*:*:*:*"
140 | },
141 | {
142 | "id": "cpe:2.3:a:python:python:3.3.6:*:*:*:*:*:*:*",
143 | "title": "cpe:2.3:a:python:python:3.3.6:*:*:*:*:*:*:*"
144 | },
145 | {
146 | "id": "cpe:2.3:a:python:python:3.4.0:*:*:*:*:*:*:*",
147 | "title": "cpe:2.3:a:python:python:3.4.0:*:*:*:*:*:*:*"
148 | },
149 | {
150 | "id": "cpe:2.3:a:python:python:3.4.1:*:*:*:*:*:*:*",
151 | "title": "cpe:2.3:a:python:python:3.4.1:*:*:*:*:*:*:*"
152 | },
153 | {
154 | "id": "cpe:2.3:a:python:python:3.4.2:*:*:*:*:*:*:*",
155 | "title": "cpe:2.3:a:python:python:3.4.2:*:*:*:*:*:*:*"
156 | }
157 | ],
158 | "vulnerable_configuration_cpe_2_2": [],
159 | "vulnerable_product": [
160 | "cpe:2.3:a:python:python:3.2.0:*:*:*:*:*:*:*",
161 | "cpe:2.3:a:python:python:3.2.1:*:*:*:*:*:*:*",
162 | "cpe:2.3:a:python:python:3.2.2:*:*:*:*:*:*:*",
163 | "cpe:2.3:a:python:python:3.2.3:*:*:*:*:*:*:*",
164 | "cpe:2.3:a:python:python:3.2.4:*:*:*:*:*:*:*",
165 | "cpe:2.3:a:python:python:3.2.5:*:*:*:*:*:*:*",
166 | "cpe:2.3:a:python:python:3.2.6:*:*:*:*:*:*:*",
167 | "cpe:2.3:a:python:python:3.3.0:*:*:*:*:*:*:*",
168 | "cpe:2.3:a:python:python:3.3.1:*:*:*:*:*:*:*",
169 | "cpe:2.3:a:python:python:3.3.2:*:*:*:*:*:*:*",
170 | "cpe:2.3:a:python:python:3.3.3:*:*:*:*:*:*:*",
171 | "cpe:2.3:a:python:python:3.3.4:*:*:*:*:*:*:*",
172 | "cpe:2.3:a:python:python:3.3.5:*:*:*:*:*:*:*",
173 | "cpe:2.3:a:python:python:3.3.6:*:*:*:*:*:*:*",
174 | "cpe:2.3:a:python:python:3.4.0:*:*:*:*:*:*:*",
175 | "cpe:2.3:a:python:python:3.4.1:*:*:*:*:*:*:*",
176 | "cpe:2.3:a:python:python:3.4.2:*:*:*:*:*:*:*"
177 | ]
178 | }
--------------------------------------------------------------------------------
/cve/CVE-2020-10735.json:
--------------------------------------------------------------------------------
1 | {
2 | "Modified": "2022-09-14T11:15:00",
3 | "Published": "2022-09-09T14:15:00",
4 | "access": {},
5 | "assigner": "secalert@redhat.com",
6 | "cvss": null,
7 | "cwe": "Unknown",
8 | "id": "CVE-2020-10735",
9 | "impact": {},
10 | "last-modified": "2022-09-14T11:15:00",
11 | "references": [
12 | "https://access.redhat.com/security/cve/CVE-2020-10735",
13 | "https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y",
14 | "https://bugzilla.redhat.com/show_bug.cgi?id=1834423",
15 | "https://github.com/python/cpython/issues/95778",
16 | "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EWKR2SPX3JORLWCXFY3KN2U5B5CIUQQ/",
17 | "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2VCU6EVQDIXNCEDJUCTFIER2WVNNDTYZ/",
18 | "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V7ZUJDHK7KNG6SLIFXW7MNZ6O2PUJYK6/",
19 | "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSRPVJZL6DJFWKYRHMNJB7VCEUCBKRF5/",
20 | "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XL6E5A3I36TRR73VNBOXNIQP4AMZDFZ/",
21 | "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4ZZV4CDFRMTPDBI7C5L43RFL3XLIGUY/",
22 | "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/32AAQKABEKFCB5DDV5OONRZK6BS23HPW/",
23 | "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZYJSGLSCQOKXXFVJVJQAXLEOJBIWGEL/",
24 | "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT5WQB7Z3CXOWVBD2AFAHYPA5ONYFFZ4/"
25 | ],
26 | "summary": "A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(\"text\"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.",
27 | "vulnerable_configuration": [],
28 | "vulnerable_configuration_cpe_2_2": [],
29 | "vulnerable_product": []
30 | }
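
The summary above describes the quadratic cost of converting long decimal strings; the check a practitioner wants is an O(1) length guard in front of `int()` for attacker-controlled input. The following is an added example, not CPython code and not code from this repository. `MAX_DIGITS` is a policy value chosen here (4300 matches `sys.int_info.default_max_str_digits`, the default CPython applies once its own limit is present); `measure_decimal_parse` only exists to show the effect and lifts the interpreter limit temporarily to do so.

```python
"""Bound the size of decimal integer strings before int() parses them.

Added example, not CPython code or code from this page. MAX_DIGITS is a
policy value chosen here; 4300 matches the default of CPython's own
str -> int digit limit (sys.set_int_max_str_digits) where that fix exists.
"""
import sys
import time

MAX_DIGITS = 4300


def _is_power_of_two(n: int) -> bool:
    return n > 0 and n & (n - 1) == 0


def parse_int(text: str, base: int = 10, max_digits: int = MAX_DIGITS) -> int:
    """int(text, base) with an O(1) length check in front of it.

    str -> int for a non-power-of-two base is quadratic in the digit count,
    so an attacker-supplied string of a few hundred thousand digits costs
    seconds of CPU. Power-of-two bases (2, 4, 8, 16, 32) convert in linear
    time and are left unlimited, matching the CVE text.
    """
    if not 2 <= base <= 36:
        raise ValueError("base must be in 2..36")
    digits = text.strip().lstrip("+-")
    if not _is_power_of_two(base) and len(digits) > max_digits:
        raise ValueError(
            f"refusing to parse {len(digits)} digits in base {base} "
            f"(limit {max_digits})")
    return int(text, base)


def interpreter_limit() -> int:
    """Digit limit enforced by this interpreter itself; 0 if absent or disabled.

    The getter exists on 3.11+ and on the 3.7.14/3.8.14/3.9.14/3.10.7
    security releases; older interpreters only have the check above.
    """
    getter = getattr(sys, "get_int_max_str_digits", None)
    return getter() if getter else 0


def measure_decimal_parse(n_digits: int) -> float:
    """Seconds spent converting an n_digits-long decimal string, with the
    interpreter's own limit lifted for the measurement and restored after."""
    setter = getattr(sys, "set_int_max_str_digits", None)
    saved = interpreter_limit()
    if setter:
        setter(0)  # 0 disables the built-in limit
    try:
        text = "9" * n_digits
        start = time.perf_counter()
        int(text)
        return time.perf_counter() - start
    finally:
        if setter:
            setter(saved)


if __name__ == "__main__":
    print("interpreter limit:", interpreter_limit() or "none")
    for n in (10_000, 100_000):
        print(f"{n:>7} digits: {measure_decimal_parse(n):.3f}s")
    try:
        parse_int("1" * (MAX_DIGITS + 1))
    except ValueError as exc:
        print("guard:", exc)
```

Running the module prints the conversion time for 10,000 and 100,000 digits so the quadratic growth is visible; on interpreters that already carry the fix, `int()` itself raises `ValueError` past the built-in limit, and the guard simply fails earlier and cheaper.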
--------------------------------------------------------------------------------
/cve/CVE-2022-37454.json:
--------------------------------------------------------------------------------
1 | {
2 | "Modified": "2022-11-04T00:15:00",
3 | "Published": "2022-10-21T06:15:00",
4 | "access": {},
5 | "assigner": "cve@mitre.org",
6 | "capec": [
7 | {
8 | "id": "92",
9 | "name": "Forced Integer Overflow",
10 | "prerequisites": "The attacker can manipulate the value of an integer variable utilized by the target host. The target host does not do proper range checking on the variable before utilizing it. When the integer variable is incremented or decremented to an out of range value, it gets a very different value (e.g. very small or negative number)",
11 | "related_weakness": [
12 | "120",
13 | "122",
14 | "128",
15 | "190",
16 | "196",
17 | "680",
18 | "697"
19 | ],
20 | "solutions": "Use a language or compiler that performs automatic bounds checking. Carefully review the service's implementation before making it available to user. For instance you can use manual or automated code review to uncover vulnerabilities such as integer overflow. Use an abstraction library to abstract away risky APIs. Not a complete solution. Always do bound checking before consuming user input data.",
21 | "summary": "This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code."
22 | }
23 | ],
24 | "cvss": null,
25 | "cwe": "CWE-190",
26 | "id": "CVE-2022-37454",
27 | "impact": {},
28 | "last-modified": "2022-11-04T00:15:00",
29 | "references": [
30 | "https://news.ycombinator.com/item?id=33281106",
31 | "https://csrc.nist.gov/projects/hash-functions/sha-3-project",
32 | "https://mouha.be/sha-3-buffer-overflow/",
33 | "https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658",
34 | "https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html",
35 | "https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html",
36 | "https://www.debian.org/security/2022/dsa-5267",
37 | "https://www.debian.org/security/2022/dsa-5269",
38 | "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/",
39 | "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/"
40 | ],
41 | "summary": "The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.",
42 | "vulnerable_configuration": [
43 | {
44 | "id": "cpe:2.3:a:extended_keccak_code_package_project:extended_keccak_code_package:-:*:*:*:*:*:*:*",
45 | "title": "cpe:2.3:a:extended_keccak_code_package_project:extended_keccak_code_package:-:*:*:*:*:*:*:*"
46 | }
47 | ],
48 | "vulnerable_configuration_cpe_2_2": [],
49 | "vulnerable_product": [
50 | "cpe:2.3:a:extended_keccak_code_package_project:extended_keccak_code_package:-:*:*:*:*:*:*:*"
51 | ]
52 | }
--------------------------------------------------------------------------------
/cve/CVE-2022-42919.json:
--------------------------------------------------------------------------------
1 | {
2 | "Modified": "2022-11-08T15:03:00",
3 | "Published": "2022-11-07T00:15:00",
4 | "access": {},
5 | "assigner": "cve@mitre.org",
6 | "capec": [],
7 | "cvss": null,
8 | "cwe": "NVD-CWE-noinfo",
9 | "id": "CVE-2022-42919",
10 | "impact": {},
11 | "last-modified": "2022-11-08T15:03:00",
12 | "references": [
13 | "https://github.com/python/cpython/issues/97514"
14 | ],
15 | "summary": "Python 3.9.x and 3.10.x through 3.10.8 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.4, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.",
16 | "vulnerable_configuration": [
17 | {
18 | "id": "cpe:2.3:a:python:python:3.9.0:-:*:*:*:*:*:*",
19 | "title": "cpe:2.3:a:python:python:3.9.0:-:*:*:*:*:*:*"
20 | },
21 | {
22 | "id": "cpe:2.3:a:python:python:3.9.0:alpha1:*:*:*:*:*:*",
23 | "title": "cpe:2.3:a:python:python:3.9.0:alpha1:*:*:*:*:*:*"
24 | },
25 | {
26 | "id": "cpe:2.3:a:python:python:3.9.0:alpha2:*:*:*:*:*:*",
27 | "title": "cpe:2.3:a:python:python:3.9.0:alpha2:*:*:*:*:*:*"
28 | },
29 | {
30 | "id": "cpe:2.3:a:python:python:3.9.0:alpha3:*:*:*:*:*:*",
31 | "title": "cpe:2.3:a:python:python:3.9.0:alpha3:*:*:*:*:*:*"
32 | },
33 | {
34 | "id": "cpe:2.3:a:python:python:3.9.0:alpha4:*:*:*:*:*:*",
35 | "title": "cpe:2.3:a:python:python:3.9.0:alpha4:*:*:*:*:*:*"
36 | },
37 | {
38 | "id": "cpe:2.3:a:python:python:3.9.0:alpha5:*:*:*:*:*:*",
39 | "title": "cpe:2.3:a:python:python:3.9.0:alpha5:*:*:*:*:*:*"
40 | },
41 | {
42 | "id": "cpe:2.3:a:python:python:3.9.0:alpha6:*:*:*:*:*:*",
43 | "title": "cpe:2.3:a:python:python:3.9.0:alpha6:*:*:*:*:*:*"
44 | },
45 | {
46 | "id": "cpe:2.3:a:python:python:3.9.0:beta1:*:*:*:*:*:*",
47 | "title": "cpe:2.3:a:python:python:3.9.0:beta1:*:*:*:*:*:*"
48 | },
49 | {
50 | "id": "cpe:2.3:a:python:python:3.9.0:beta2:*:*:*:*:*:*",
51 | "title": "cpe:2.3:a:python:python:3.9.0:beta2:*:*:*:*:*:*"
52 | },
53 | {
54 | "id": "cpe:2.3:a:python:python:3.9.0:beta3:*:*:*:*:*:*",
55 | "title": "cpe:2.3:a:python:python:3.9.0:beta3:*:*:*:*:*:*"
56 | },
57 | {
58 | "id": "cpe:2.3:a:python:python:3.9.0:beta4:*:*:*:*:*:*",
59 | "title": "cpe:2.3:a:python:python:3.9.0:beta4:*:*:*:*:*:*"
60 | },
61 | {
62 | "id": "cpe:2.3:a:python:python:3.9.0:beta5:*:*:*:*:*:*",
63 | "title": "cpe:2.3:a:python:python:3.9.0:beta5:*:*:*:*:*:*"
64 | },
65 | {
66 | "id": "cpe:2.3:a:python:python:3.9.0:rc1:*:*:*:*:*:*",
67 | "title": "cpe:2.3:a:python:python:3.9.0:rc1:*:*:*:*:*:*"
68 | },
69 | {
70 | "id": "cpe:2.3:a:python:python:3.9.0:rc2:*:*:*:*:*:*",
71 | "title": "cpe:2.3:a:python:python:3.9.0:rc2:*:*:*:*:*:*"
72 | },
73 | {
74 | "id": "cpe:2.3:a:python:python:3.9.1:*:*:*:*:*:*:*",
75 | "title": "cpe:2.3:a:python:python:3.9.1:*:*:*:*:*:*:*"
76 | },
77 | {
78 | "id": "cpe:2.3:a:python:python:3.9.1:-:*:*:*:*:*:*",
79 | "title": "cpe:2.3:a:python:python:3.9.1:-:*:*:*:*:*:*"
80 | },
81 | {
82 | "id": "cpe:2.3:a:python:python:3.9.1:rc1:*:*:*:*:*:*",
83 | "title": "cpe:2.3:a:python:python:3.9.1:rc1:*:*:*:*:*:*"
84 | },
85 | {
86 | "id": "cpe:2.3:a:python:python:3.9.2:*:*:*:*:*:*:*",
87 | "title": "cpe:2.3:a:python:python:3.9.2:*:*:*:*:*:*:*"
88 | },
89 | {
90 | "id": "cpe:2.3:a:python:python:3.9.2:-:*:*:*:*:*:*",
91 | "title": "cpe:2.3:a:python:python:3.9.2:-:*:*:*:*:*:*"
92 | },
93 | {
94 | "id": "cpe:2.3:a:python:python:3.9.2:rc1:*:*:*:*:*:*",
95 | "title": "cpe:2.3:a:python:python:3.9.2:rc1:*:*:*:*:*:*"
96 | },
97 | {
98 | "id": "cpe:2.3:a:python:python:3.9.3:*:*:*:*:*:*:*",
99 | "title": "cpe:2.3:a:python:python:3.9.3:*:*:*:*:*:*:*"
100 | },
101 | {
102 | "id": "cpe:2.3:a:python:python:3.9.4:*:*:*:*:*:*:*",
103 | "title": "cpe:2.3:a:python:python:3.9.4:*:*:*:*:*:*:*"
104 | },
105 | {
106 | "id": "cpe:2.3:a:python:python:3.9.5:*:*:*:*:*:*:*",
107 | "title": "cpe:2.3:a:python:python:3.9.5:*:*:*:*:*:*:*"
108 | },
109 | {
110 | "id": "cpe:2.3:a:python:python:3.9.6:*:*:*:*:*:*:*",
111 | "title": "cpe:2.3:a:python:python:3.9.6:*:*:*:*:*:*:*"
112 | },
113 | {
114 | "id": "cpe:2.3:a:python:python:3.9.7:*:*:*:*:*:*:*",
115 | "title": "cpe:2.3:a:python:python:3.9.7:*:*:*:*:*:*:*"
116 | },
117 | {
118 | "id": "cpe:2.3:a:python:python:3.9.8:*:*:*:*:*:*:*",
119 | "title": "cpe:2.3:a:python:python:3.9.8:*:*:*:*:*:*:*"
120 | },
121 | {
122 | "id": "cpe:2.3:a:python:python:3.9.9:*:*:*:*:*:*:*",
123 | "title": "cpe:2.3:a:python:python:3.9.9:*:*:*:*:*:*:*"
124 | },
125 | {
126 | "id": "cpe:2.3:a:python:python:3.9.10:*:*:*:*:*:*:*",
127 | "title": "cpe:2.3:a:python:python:3.9.10:*:*:*:*:*:*:*"
128 | },
129 | {
130 | "id": "cpe:2.3:a:python:python:3.9.11:*:*:*:*:*:*:*",
131 | "title": "cpe:2.3:a:python:python:3.9.11:*:*:*:*:*:*:*"
132 | },
133 | {
134 | "id": "cpe:2.3:a:python:python:3.9.12:*:*:*:*:*:*:*",
135 | "title": "cpe:2.3:a:python:python:3.9.12:*:*:*:*:*:*:*"
136 | },
137 | {
138 | "id": "cpe:2.3:a:python:python:3.9.13:*:*:*:*:*:*:*",
139 | "title": "cpe:2.3:a:python:python:3.9.13:*:*:*:*:*:*:*"
140 | },
141 | {
142 | "id": "cpe:2.3:a:python:python:3.9.14:*:*:*:*:*:*:*",
143 | "title": "cpe:2.3:a:python:python:3.9.14:*:*:*:*:*:*:*"
144 | },
145 | {
146 | "id": "cpe:2.3:a:python:python:3.10.0:-:*:*:*:*:*:*",
147 | "title": "cpe:2.3:a:python:python:3.10.0:-:*:*:*:*:*:*"
148 | },
149 | {
150 | "id": "cpe:2.3:a:python:python:3.10.0:alpha1:*:*:*:*:*:*",
151 | "title": "cpe:2.3:a:python:python:3.10.0:alpha1:*:*:*:*:*:*"
152 | },
153 | {
154 | "id": "cpe:2.3:a:python:python:3.10.0:alpha2:*:*:*:*:*:*",
155 | "title": "cpe:2.3:a:python:python:3.10.0:alpha2:*:*:*:*:*:*"
156 | },
157 | {
158 | "id": "cpe:2.3:a:python:python:3.10.0:alpha3:*:*:*:*:*:*",
159 | "title": "cpe:2.3:a:python:python:3.10.0:alpha3:*:*:*:*:*:*"
160 | },
161 | {
162 | "id": "cpe:2.3:a:python:python:3.10.0:alpha4:*:*:*:*:*:*",
163 | "title": "cpe:2.3:a:python:python:3.10.0:alpha4:*:*:*:*:*:*"
164 | },
165 | {
166 | "id": "cpe:2.3:a:python:python:3.10.0:alpha5:*:*:*:*:*:*",
167 | "title": "cpe:2.3:a:python:python:3.10.0:alpha5:*:*:*:*:*:*"
168 | },
169 | {
170 | "id": "cpe:2.3:a:python:python:3.10.0:alpha6:*:*:*:*:*:*",
171 | "title": "cpe:2.3:a:python:python:3.10.0:alpha6:*:*:*:*:*:*"
172 | },
173 | {
174 | "id": "cpe:2.3:a:python:python:3.10.0:alpha7:*:*:*:*:*:*",
175 | "title": "cpe:2.3:a:python:python:3.10.0:alpha7:*:*:*:*:*:*"
176 | },
177 | {
178 | "id": "cpe:2.3:a:python:python:3.10.0:beta1:*:*:*:*:*:*",
179 | "title": "cpe:2.3:a:python:python:3.10.0:beta1:*:*:*:*:*:*"
180 | },
181 | {
182 | "id": "cpe:2.3:a:python:python:3.10.0:beta2:*:*:*:*:*:*",
183 | "title": "cpe:2.3:a:python:python:3.10.0:beta2:*:*:*:*:*:*"
184 | },
185 | {
186 | "id": "cpe:2.3:a:python:python:3.10.0:beta3:*:*:*:*:*:*",
187 | "title": "cpe:2.3:a:python:python:3.10.0:beta3:*:*:*:*:*:*"
188 | },
189 | {
190 | "id": "cpe:2.3:a:python:python:3.10.0:beta4:*:*:*:*:*:*",
191 | "title": "cpe:2.3:a:python:python:3.10.0:beta4:*:*:*:*:*:*"
192 | },
193 | {
194 | "id": "cpe:2.3:a:python:python:3.10.0:rc1:*:*:*:*:*:*",
195 | "title": "cpe:2.3:a:python:python:3.10.0:rc1:*:*:*:*:*:*"
196 | },
197 | {
198 | "id": "cpe:2.3:a:python:python:3.10.0:rc2:*:*:*:*:*:*",
199 | "title": "cpe:2.3:a:python:python:3.10.0:rc2:*:*:*:*:*:*"
200 | },
201 | {
202 | "id": "cpe:2.3:a:python:python:3.10.1:*:*:*:*:*:*:*",
203 | "title": "cpe:2.3:a:python:python:3.10.1:*:*:*:*:*:*:*"
204 | },
205 | {
206 | "id": "cpe:2.3:a:python:python:3.10.2:*:*:*:*:*:*:*",
207 | "title": "cpe:2.3:a:python:python:3.10.2:*:*:*:*:*:*:*"
208 | },
209 | {
210 | "id": "cpe:2.3:a:python:python:3.10.3:*:*:*:*:*:*:*",
211 | "title": "cpe:2.3:a:python:python:3.10.3:*:*:*:*:*:*:*"
212 | },
213 | {
214 | "id": "cpe:2.3:a:python:python:3.10.4:*:*:*:*:*:*:*",
215 | "title": "cpe:2.3:a:python:python:3.10.4:*:*:*:*:*:*:*"
216 | },
217 | {
218 | "id": "cpe:2.3:a:python:python:3.10.5:*:*:*:*:*:*:*",
219 | "title": "cpe:2.3:a:python:python:3.10.5:*:*:*:*:*:*:*"
220 | },
221 | {
222 | "id": "cpe:2.3:a:python:python:3.10.6:*:*:*:*:*:*:*",
223 | "title": "cpe:2.3:a:python:python:3.10.6:*:*:*:*:*:*:*"
224 | },
225 | {
226 | "id": "cpe:2.3:a:python:python:3.10.7:*:*:*:*:*:*:*",
227 | "title": "cpe:2.3:a:python:python:3.10.7:*:*:*:*:*:*:*"
228 | }
229 | ],
230 | "vulnerable_configuration_cpe_2_2": [],
231 | "vulnerable_product": [
232 | "cpe:2.3:a:python:python:3.9.0:-:*:*:*:*:*:*",
233 | "cpe:2.3:a:python:python:3.9.0:alpha1:*:*:*:*:*:*",
234 | "cpe:2.3:a:python:python:3.9.0:alpha2:*:*:*:*:*:*",
235 | "cpe:2.3:a:python:python:3.9.0:alpha3:*:*:*:*:*:*",
236 | "cpe:2.3:a:python:python:3.9.0:alpha4:*:*:*:*:*:*",
237 | "cpe:2.3:a:python:python:3.9.0:alpha5:*:*:*:*:*:*",
238 | "cpe:2.3:a:python:python:3.9.0:alpha6:*:*:*:*:*:*",
239 | "cpe:2.3:a:python:python:3.9.0:beta1:*:*:*:*:*:*",
240 | "cpe:2.3:a:python:python:3.9.0:beta2:*:*:*:*:*:*",
241 | "cpe:2.3:a:python:python:3.9.0:beta3:*:*:*:*:*:*",
242 | "cpe:2.3:a:python:python:3.9.0:beta4:*:*:*:*:*:*",
243 | "cpe:2.3:a:python:python:3.9.0:beta5:*:*:*:*:*:*",
244 | "cpe:2.3:a:python:python:3.9.0:rc1:*:*:*:*:*:*",
245 | "cpe:2.3:a:python:python:3.9.0:rc2:*:*:*:*:*:*",
246 | "cpe:2.3:a:python:python:3.9.1:*:*:*:*:*:*:*",
247 | "cpe:2.3:a:python:python:3.9.1:-:*:*:*:*:*:*",
248 | "cpe:2.3:a:python:python:3.9.1:rc1:*:*:*:*:*:*",
249 | "cpe:2.3:a:python:python:3.9.2:*:*:*:*:*:*:*",
250 | "cpe:2.3:a:python:python:3.9.2:-:*:*:*:*:*:*",
251 | "cpe:2.3:a:python:python:3.9.2:rc1:*:*:*:*:*:*",
252 | "cpe:2.3:a:python:python:3.9.3:*:*:*:*:*:*:*",
253 | "cpe:2.3:a:python:python:3.9.4:*:*:*:*:*:*:*",
254 | "cpe:2.3:a:python:python:3.9.5:*:*:*:*:*:*:*",
255 | "cpe:2.3:a:python:python:3.9.6:*:*:*:*:*:*:*",
256 | "cpe:2.3:a:python:python:3.9.7:*:*:*:*:*:*:*",
257 | "cpe:2.3:a:python:python:3.9.8:*:*:*:*:*:*:*",
258 | "cpe:2.3:a:python:python:3.9.9:*:*:*:*:*:*:*",
259 | "cpe:2.3:a:python:python:3.9.10:*:*:*:*:*:*:*",
260 | "cpe:2.3:a:python:python:3.9.11:*:*:*:*:*:*:*",
261 | "cpe:2.3:a:python:python:3.9.12:*:*:*:*:*:*:*",
262 | "cpe:2.3:a:python:python:3.9.13:*:*:*:*:*:*:*",
263 | "cpe:2.3:a:python:python:3.9.14:*:*:*:*:*:*:*",
264 | "cpe:2.3:a:python:python:3.10.0:-:*:*:*:*:*:*",
265 | "cpe:2.3:a:python:python:3.10.0:alpha1:*:*:*:*:*:*",
266 | "cpe:2.3:a:python:python:3.10.0:alpha2:*:*:*:*:*:*",
267 | "cpe:2.3:a:python:python:3.10.0:alpha3:*:*:*:*:*:*",
268 | "cpe:2.3:a:python:python:3.10.0:alpha4:*:*:*:*:*:*",
269 | "cpe:2.3:a:python:python:3.10.0:alpha5:*:*:*:*:*:*",
270 | "cpe:2.3:a:python:python:3.10.0:alpha6:*:*:*:*:*:*",
271 | "cpe:2.3:a:python:python:3.10.0:alpha7:*:*:*:*:*:*",
272 | "cpe:2.3:a:python:python:3.10.0:beta1:*:*:*:*:*:*",
273 | "cpe:2.3:a:python:python:3.10.0:beta2:*:*:*:*:*:*",
274 | "cpe:2.3:a:python:python:3.10.0:beta3:*:*:*:*:*:*",
275 | "cpe:2.3:a:python:python:3.10.0:beta4:*:*:*:*:*:*",
276 | "cpe:2.3:a:python:python:3.10.0:rc1:*:*:*:*:*:*",
277 | "cpe:2.3:a:python:python:3.10.0:rc2:*:*:*:*:*:*",
278 | "cpe:2.3:a:python:python:3.10.1:*:*:*:*:*:*:*",
279 | "cpe:2.3:a:python:python:3.10.2:*:*:*:*:*:*:*",
280 | "cpe:2.3:a:python:python:3.10.3:*:*:*:*:*:*:*",
281 | "cpe:2.3:a:python:python:3.10.4:*:*:*:*:*:*:*",
282 | "cpe:2.3:a:python:python:3.10.5:*:*:*:*:*:*:*",
283 | "cpe:2.3:a:python:python:3.10.6:*:*:*:*:*:*:*",
284 | "cpe:2.3:a:python:python:3.10.7:*:*:*:*:*:*:*"
285 | ]
286 | }
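
The summary names the workaround (`multiprocessing.util.abstract_sockets_supported = False`) but not how to verify it. The following is an added example, not CPython code and not from this repository. It assumes Linux (the only platform with abstract sockets) and relies on `multiprocessing.connection.arbitrary_address()`, a module-level helper the forkserver uses to pick its listener address but which is not part of the documented API.

```python
"""Probe whether multiprocessing would hand out abstract-namespace listener
addresses, and apply the workaround named in the CVE text.

Added example, not CPython code and not from this page. Assumes Linux and
uses multiprocessing.util.abstract_sockets_supported (named in the
advisory) plus multiprocessing.connection.arbitrary_address(), an
undocumented module-level helper the forkserver calls for its listener.
"""
import multiprocessing
import multiprocessing.connection as mpc
import multiprocessing.util as mputil


def is_abstract_unix_address(address) -> bool:
    """Abstract addresses begin with a NUL byte and have no inode, so the
    chmod 0600 the forkserver applies to a filesystem socket never applies
    to them: any local process in the network namespace may connect."""
    if isinstance(address, bytes):
        return address[:1] == b"\0"
    return isinstance(address, str) and address[:1] == "\0"


def default_listener_is_abstract() -> bool:
    """True when this interpreter would bind the forkserver listener to an
    abstract socket, which is the CVE-2022-42919 condition."""
    return is_abstract_unix_address(mpc.arbitrary_address("AF_UNIX"))


def apply_workaround() -> str:
    """Disable abstract sockets process-wide and return the filesystem path
    a new listener would now use.

    Must run before the first use of the 'forkserver' start method: the
    forkserver is created lazily and keeps its socket for the process
    lifetime, so flipping the flag afterwards changes nothing.
    """
    mputil.abstract_sockets_supported = False
    address = mpc.arbitrary_address("AF_UNIX")
    if is_abstract_unix_address(address):
        raise RuntimeError("workaround ineffective: listener still abstract")
    return address


if __name__ == "__main__":
    import sys
    print(sys.version.split()[0], "abstract listener by default:",
          default_listener_is_abstract())
    print("after workaround:", apply_workaround())
    if "forkserver" in multiprocessing.get_all_start_methods():
        multiprocessing.set_start_method("forkserver")
        with multiprocessing.Pool(2) as pool:
            print("forkserver pool works:", pool.map(abs, [-1, -2]))
```

A `False` from `default_listener_is_abstract()` on an unpatched 3.9/3.10 interpreter means something earlier in the process already flipped the flag; run the probe first in a fresh interpreter to learn what the default really is.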
--------------------------------------------------------------------------------
/index.rst:
--------------------------------------------------------------------------------
1 | +++++++++++++++
2 | Python Security
3 | +++++++++++++++
4 |
5 | This page is an attempt to document security vulnerabilities in Python and the
6 | versions including the fix.
7 |
8 | Pages
9 | =====
10 |
11 | .. toctree::
12 | :maxdepth: 2
13 |
14 | vulnerabilities
15 | packages
16 | ssl
17 | security
18 |
19 | `Status of Python branches
20 | `_ lists Python
21 | branches which get security fixes.
22 |
--------------------------------------------------------------------------------
/make.bat:
--------------------------------------------------------------------------------
1 | @ECHO OFF
2 |
3 | pushd %~dp0
4 |
5 | REM Command file for Sphinx documentation
6 |
7 | if "%SPHINXBUILD%" == "" (
8 | set SPHINXBUILD=sphinx-build
9 | )
10 | set SOURCEDIR=.
11 | set BUILDDIR=build
12 | set SPHINXPROJ=PythonSecurity
13 |
14 | if "%1" == "" goto help
15 |
16 | %SPHINXBUILD% >NUL 2>NUL
17 | if errorlevel 9009 (
18 | echo.
19 | echo.The 'sphinx-build' command was not found. Make sure you have Sphinx
20 | echo.installed, then set the SPHINXBUILD environment variable to point
21 | echo.to the full path of the 'sphinx-build' executable. Alternatively you
22 | echo.may add the Sphinx directory to PATH.
23 | echo.
24 | echo.If you don't have Sphinx installed, grab it from
25 | echo.http://sphinx-doc.org/
26 | exit /b 1
27 | )
28 |
29 | %SPHINXBUILD% -M %1 %SOURCEDIR% %BUILDDIR% %SPHINXOPTS%
30 | goto end
31 |
32 | :help
33 | %SPHINXBUILD% -M help %SOURCEDIR% %BUILDDIR% %SPHINXOPTS%
34 |
35 | :end
36 | popd
37 |
--------------------------------------------------------------------------------
/packages.rst:
--------------------------------------------------------------------------------
1 | +++++++++++++++++
2 | Packages and PyPI
3 | +++++++++++++++++
4 |
5 | Check for known vulnerabilities
6 | ===============================
7 |
8 | * https://github.com/pyupio/safety-db and https://pyup.io/
9 | * `safety package `_: Safety checks your
10 | installed dependencies for known security vulnerabilities.
11 |
12 | GPG
13 | ===
14 |
15 | * `Verifying PyPI and Conda Packages
16 | `_
17 | by Stuart Mumford (2016-06-21)
18 | * `Sign a package using GPG and Twine
19 | `_
20 |
21 | pip security
22 | ============
23 |
24 | * pip: `Implement "hook" support for package signature verification
25 | `_
26 |
27 | PyPI
28 | ====
29 |
30 | * `PEP 458 -- Surviving a Compromise of PyPI
31 | `_ (27-Sep-2013)
32 | * `PEP 480 -- Surviving a Compromise of PyPI: The Maximum Security Model
33 | `_ (8-Oct-2014)
34 | * `Making PyPI security independent of SSL/TLS
35 | `_
36 | by Nick Coghlan
37 |
38 | Vulnerabilities in the Package Index
39 | ====================================
40 |
41 | .. toctree::
42 | :maxdepth: 1
43 |
44 | pypi-vuln/index-2017-10-12-unchecked_file_deletion.rst
45 | pypi-vuln/index-2017-11-08-pypirc_exposure_on_github.rst
46 | pypi-vuln/index-2020-01-05-authentication_method_flaws.rst
47 | pypi-vuln/index-2020-02-22-upload_endpoint_csrf.rst
48 | pypi-vuln/index-2021-06-15-unintended-deployments.rst
49 | pypi-vuln/index-2021-07-26-legacy-document-deletion.rst
50 | pypi-vuln/index-2021-07-27-combine-prs-workflow.rst
51 | pypi-vuln/index-2021-07-27-role-deletion.rst
52 | pypi-vuln/index-2022-05-24-ctx-domain-takeover.rst
53 |
54 |
55 |
56 | PyPI typo squatting
57 | ===================
58 |
59 | * `Typosquatting programming language package managers
60 | `_
61 | by Nikolai Tschacher (8 June, 2016)
62 | * `LWN: Typosquatting in package repositories
63 | `_ (July 20, 2016)
64 | * `Building a botnet on PyPi
65 | `_
66 | by Steve Stagg (May 19, 2017)
67 | * warehouse bug (pypi.org): `Block package names that conflict with core
68 | libraries `_ (reported on June
69 | 28, 2017)
70 | * 2017-09-09: `skcsirt-sa-20170909-pypi-malicious-code advisory
71 | `_
72 |
73 | fate0:
74 |
75 | * 2017-05-27 04:38 - 2017-05-31 12:24 (5 days): 10,685 downloads
76 | * May-June, 2017
77 | * https://mail.python.org/pipermail/distutils-sig/2017-June/030592.html
78 | * http://blog.fatezero.org/2017/06/01/package-fishing/
79 | * https://github.com/pypa/pypi-legacy/issues/644
80 | * http://evilpackage.fatezero.org/
81 | * https://github.com/fate0/cookiecutter-evilpy-package
82 | * Packages (this list needs to be validated):
83 |
84 | * caffe
85 | * ffmpeg
86 | * ftp
87 | * git
88 | * hbase
89 | * memcached
90 | * mkl
91 | * mongodb
92 | * opencv
93 | * openssl
94 | * phantomjs
95 | * proxy
96 | * pygpu
97 | * python-dev
98 | * rabbitmq
99 | * requirement.txt
100 | * requirements.txt
101 | * rrequirements.txt
102 | * samba
103 | * shadowsock
104 | * smb
105 | * tkinter
106 | * vtk
107 | * youtube-dl
108 | * zookeeper
109 | * ztz
110 | * ...
111 |
112 | Example of typos:
113 |
114 | * ``urllib``, ``urllib2``: part of the standard library
115 | * ``urlib3`` instead of ``urllib3``
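
The fate0 package list and the typo examples above suggest the check a practitioner would run over a requirements file before installing: flag names that shadow a standard-library module, names that are one edit away from a popular package, and file names pasted in as packages. The following is an added example, not PyPI tooling and not code from this repository. `POPULAR` is a constructed stand-in for a real top-packages list, the sample requirements are constructed, and the standard-library set comes from `sys.stdlib_module_names` where the interpreter provides it (3.10+) with a small constructed fallback.

```python
"""Flag requirement names that look like typosquats or stdlib shadowing.

Added example, not part of this page or of any PyPI tooling. POPULAR is a
constructed stand-in for a real "top packages" list; the stdlib set comes
from sys.stdlib_module_names when available (3.10+), with a constructed
fallback otherwise.
"""
import re
import sys

# Constructed sample of well-known names a squatter would target.
POPULAR = {"requests", "urllib3", "numpy", "django", "flask", "cryptography"}

# Constructed fallback: a few stdlib modules the page's list collides with.
_STDLIB_FALLBACK = {"urllib", "tkinter", "ftplib", "json", "ssl"}
STDLIB = set(getattr(sys, "stdlib_module_names", ())) | _STDLIB_FALLBACK

_NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name: str) -> str:
    """PEP 503 normalization: case-fold and collapse runs of -, _ and ."""
    return re.sub(r"[-_.]+", "-", name).lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert/delete/substitute, cost 1 each)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_name(name: str):
    """Return (rule, detail) findings for one requirement name.

    Rules: a file name pasted as a package ("requirements.txt"), stdlib
    shadowing ("urllib"), and a near miss of a popular name ("urlib3").
    An exact popular name yields no findings.
    """
    findings = []
    if name.lower().endswith(".txt"):
        findings.append(("filename", "looks like a file, not a package"))
    if name.lower() in STDLIB:
        findings.append(("stdlib",
                         f"shadows standard library module {name.lower()!r}"))
    norm = normalize(name)
    if norm in POPULAR:
        return findings
    for target in sorted(POPULAR):
        if edit_distance(norm, target) == 1:
            findings.append(("typosquat", f"one edit away from {target!r}"))
    return findings


def check_requirements(text: str) -> dict:
    """Scan requirements.txt content; map each flagged name to its findings."""
    report = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue  # blank, or a pip option such as -r / --index-url
        match = _NAME_RE.match(line)
        if match:
            findings = check_name(match.group(1))
            if findings:
                report[match.group(1)] = findings
    return report


# Constructed sample input.
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
urlib3>=1.26      # one letter short of urllib3
urllib            # stdlib module; pip would fetch a third-party package
requirements.txt  # file name mistaken for a package
numpy
"""

if __name__ == "__main__":
    for name, findings in check_requirements(SAMPLE_REQUIREMENTS).items():
        for rule, detail in findings:
            print(f"{name}: [{rule}] {detail}")
```

Distance 1 is deliberately strict: at distance 2 short names collide constantly (`flask` vs `flash` vs `flasks`), and the page's examples are all single-character slips. A real deployment would feed `POPULAR` from the PyPI download statistics rather than a hand-written set.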
116 |
117 | Links
118 | =====
119 |
120 | * `The Update Framework (TUF) `_:
121 | Like the S in HTTPS, a plug-and-play library for securing a software updater.
122 |
--------------------------------------------------------------------------------
/pep8.sh:
--------------------------------------------------------------------------------
1 | flake8 *.py check-python-vuln/*.py check-python-vuln/scripts/*.py
2 |
--------------------------------------------------------------------------------
/pypi-vuln/2022-05-24-ctx-domain-takeover-chart.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vstinner/python-security/9e5aa3542e66d3b7a3ada0185dda9447ca581b23/pypi-vuln/2022-05-24-ctx-domain-takeover-chart.png
--------------------------------------------------------------------------------
/pypi-vuln/index-2017-10-12-unchecked_file_deletion.rst:
--------------------------------------------------------------------------------
1 | .. _index-unchecked_file_deletion:
2 |
3 | Index Vulnerability: Unchecked File Deletion
4 | ============================================
5 |
6 | Improper checking of ACLs would have allowed any authenticated user to delete
7 | any release file hosted on the Package Index by supplying its md5 to the
8 | ``:files`` action in `the pypi-legacy `_
9 | code base.
10 |
11 | * Disclosure date: **2017-10-12** (Reported via security policy on `pypi.org `_)
12 | * Disclosed by: `Max Justicz `_
13 |
14 | Fixed In
15 | --------
16 |
17 | * PyPI "Legacy Codebase" (2017-10-12) fixed by `commit 18200fa `_ (2017-10-12)
18 |
19 | Audit
20 | -----
21 |
22 | After mitigating the attack vector and deploying it, the responding Package
23 | Index maintainer worked to verify that no release files had been improperly
24 | removed using this exploit.
25 |
26 | The Package Index maintains an audit log in the form of a "Journal" for all
27 | actions initiated. It was determined that exploitation of this attack vector
28 | would still remove files via the `existing interface `_,
29 | so an audit log would still be `written `_.
30 |
31 | Using this information, we were able to reconstruct the users with access to
32 | legitimately remove release files at the point in time of each file removal
33 | `using the audit log `_.
34 |
35 | The output of this script was used to determine that no malicious actors
36 | exploited this vulnerability. All flagged journal entries were related to one
37 | of the following scenarios:
38 |
39 | * Username updates that were not properly updated in the Journal
40 | * Administrator intervention to remove packages
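
The audit replays the journal to ask, for each file removal, whether the acting user legitimately held a role on the project at that moment. The following is an added example of that replay, not the script the PyPI team used (which is linked, not reproduced, on this page). The journal format is constructed: one tab-separated record per line with timestamp, action, project and acting user; `ADMINS` is a constructed set standing in for the administrator intervention the audit had to explain.

```python
"""Replay a constructed PyPI-style journal and flag file removals made by
users who held no role on the project at that moment.

Added example, not the PyPI team's audit script. The record format is a
constructed stand-in: timestamp, action, project, acting user, separated by
tabs, oldest first. Role grants and removals are replayed in order so each
"remove file" entry is judged against the roles as they stood at the time.
"""
from collections import defaultdict

# Constructed sample journal.
SAMPLE_JOURNAL = """\
2017-01-03T10:00:00\tadd Owner alice\tproject-a\talice
2017-02-10T09:30:00\tadd Maintainer bob\tproject-a\talice
2017-03-01T12:00:00\tremove file project_a-1.0.tar.gz\tproject-a\tbob
2017-04-15T08:45:00\tremove Maintainer bob\tproject-a\talice
2017-05-02T16:20:00\tremove file project_a-1.1.tar.gz\tproject-a\tbob
2017-06-20T11:05:00\tremove file project_a-1.2.tar.gz\tproject-a\tmallory
2017-06-21T11:05:00\tremove file project_a-1.3.tar.gz\tproject-a\tadmin
"""

# Constructed: site administrators may legitimately remove any file.
ADMINS = frozenset({"admin"})

ROLES = ("Owner", "Maintainer")


def replay(journal: str, admins=frozenset()):
    """Return (timestamp, project, user, filename) for every file removal
    whose acting user held no role on the project when it happened.

    Two benign explanations remain for a hit, as the audit above found:
    a renamed account whose old name is still in the journal, and an
    administrator acting outside the project's role list (pass admins).
    """
    roles = defaultdict(set)  # project -> users currently holding a role
    flagged = []
    for line in journal.splitlines():
        if not line.strip():
            continue
        timestamp, action, project, user = line.split("\t")
        verb, _, rest = action.partition(" ")
        words = rest.split()
        if verb == "add" and words and words[0] in ROLES:
            roles[project].add(words[1])
        elif verb == "remove" and words and words[0] in ROLES:
            roles[project].discard(words[1])
        elif verb == "remove" and rest.startswith("file "):
            filename = rest[len("file "):]
            if user not in roles[project] and user not in admins:
                flagged.append((timestamp, project, user, filename))
    return flagged


if __name__ == "__main__":
    for hit in replay(SAMPLE_JOURNAL, ADMINS):
        print("suspicious removal:", *hit)
```

In the constructed journal, bob's first removal is fine (he is a Maintainer at the time), his second one lands after his role was revoked, and mallory never held a role; the admin's removal is reported only when no administrator set is supplied.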
41 |
42 | Timeline
43 | --------
44 |
45 | Timeline using the disclosure date **2017-10-12** as reference:
46 |
47 | * 2017-10-12: Issue reported by `Max Justicz `_ following guidelines in security policy on `pypi.org `_
48 | * 2017-10-12 (**+0days**): Report investigated by `Ernest W. Durbin III `_ and determined to be exploitable
49 | * 2017-10-12 (**+0days**): Fix implemented and deployed in `commit 18200fa `_
50 | * 2017-10-12 (**+0days**): The audit journals maintained by PyPI were used to reconstruct the full history of file removals to determine that no malicious deletions were performed.
51 |
--------------------------------------------------------------------------------
/pypi-vuln/index-2017-11-08-pypirc_exposure_on_github.rst:
--------------------------------------------------------------------------------
1 | PyPI credential exposure on GitHub
2 | ==================================
3 |
4 | Introduction
5 | ------------
6 |
7 | A common mistake made by users is committing and publishing "dotfiles"
8 | containing private material such as passwords, API keys, or cryptographic keys
9 | to public repositories on services such as GitHub.
10 |
11 | Compounding this issue, the Python packaging ecosystem historically and
12 | currently encourages---albeit with some level of caution---the use of a
13 | ``.pypirc`` file for storage of passwords for consumption by packaging tools.
14 | For a summary of the dangers of this methodology, see `this article on securing
15 | PyPI credentials `_.
16 |
17 | With ever-strengthening search tools on GitHub, attackers are able to formulate
18 | queries which quickly identify and obtain credentials from such hosting sites.
19 |
20 | * Disclosure date: **2017-11-05** (Reported via security policy on `pypi.org `_)
21 | * Disclosed by: Joachim Jablon
22 |
23 | Report
24 | ------
25 |
26 | The PyPI security team was notified by Joachim Jablon that ``.pypirc`` files
27 | containing valid PyPI credentials were obtainable with a straightforward search
28 | and scrape of GitHub.
29 |
30 | Using tools developed by the reporter the PyPI security team was able to
31 | identify 77 valid PyPI logins in 85 public files published to GitHub. These 77
32 | logins had maintainer or administrator access to 146 unique projects on PyPI.
33 |
34 | Audit
35 | -----
36 | Action Taken by PyPI team
37 |
38 | The PyPI security team followed up by auditing and extending the Proof of
39 | Concept tools supplied by the reporter to verify the report.
40 |
41 | After running the tooling against the full result set of the GitHub code search
42 | the PyPI administrators unset the passphrases for all valid logins found and
43 | issued an administrative password reset for exposed users.
44 |
45 | Additionally an audit of PyPI's journals showed no signs of malicious access
46 | for the exposed accounts.
47 |
48 | The email sent to affected users took the form
49 |
50 | .. code-block:: python
51 |
52 | From: admin@mail.pypi.python.org
53 | To: {user['email']}
54 | Subject: [Urgent] Your PyPI password has been reset
55 |
56 | {username},
57 |
58 | A security report recently identified that your PyPI login credentials were
59 | exposed in a public code repository on github.com.
60 |
61 | Please see the following links where your credentials were found:
62 |
63 | {pypirc_links}
64 |
65 | An initial audit of our journals found that {package_count} projects your
66 | account has access to were potentially exposed but did not indicate any
67 | malicious activity.
68 |
69 | Packages:
70 |
71 | {packages}
72 |
73 | Please double check the audit logs at https://pypi.python.org after you have
74 | reset your password and notify us if you identify any suspicious activity.
75 |
76 | Also please reset your passwords anywhere else you may have used the password
77 | exposed in the above links.
78 |
79 | To reset your password, please visit {password_reset_link}.
80 |
81 | Thanks,
82 | PyPI Security Team
83 |
84 | Recommendations
85 | ---------------
86 |
87 | All users of PyPI should ensure that their PyPI login credentials are safe and
88 | have not been inadvertently exposed in a public repository of dotfiles, in the
89 | root of a project directory, or in some other public or shared medium.
90 |
91 | The PyPI team does not have the resources to search or scrape all such services
92 | and may not have identified all forms of this exposure.
93 |
94 | Additionally, reviewing the Audit Journal for your projects on pypi.python.org
95 | for suspicious activity is a good idea. If you identify any such activity,
96 | please report it per `our published security policy `_.
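
The check that follows from the introduction and these recommendations is a local one: before a checkout is pushed, confirm that no ``.pypirc`` in it stores a usable credential. The following is an added example, not PyPI tooling and not the reporter's scraper; the sample ``.pypirc`` is constructed (the token value is made up) and `scan_tree` is a hypothetical pre-commit style walk over a directory.

```python
"""Audit .pypirc content for stored credentials before it can leak.

Added example; not PyPI tooling and not the reporter's scraper. The sample
file is constructed. A finding is any repository section whose password
field holds a value: a long-lived PyPI password or an API token, either of
which is usable by anyone who reads the file.
"""
import configparser
import os
from typing import List, Tuple

# Constructed sample .pypirc; the token is not a real credential.
SAMPLE_PYPIRC = """\
[distutils]
index-servers =
    pypi
    testpypi
    internal

[pypi]
username = alice
password = hunter2

[testpypi]
repository = https://test.pypi.org/legacy/
username = __token__
password = pypi-AgENdGVzdC5weXBpLm9yZwAAAAAAAAAAAAAA

[internal]
repository = https://pypi.example.invalid/simple
username = alice
"""


def looks_like_pypirc(text: str) -> bool:
    """Cheap signature used to pick .pypirc out of arbitrary dotfiles."""
    return "[distutils]" in text and "index-servers" in text


def find_stored_secrets(pypirc_text: str) -> List[Tuple[str, str, str]]:
    """Return (section, username, kind) for every repository section that
    stores a password. kind is 'api-token' for __token__ logins (the
    upload-only credential PyPI recommends), 'password' otherwise."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(pypirc_text)
    hits = []
    for section in cfg.sections():
        if section == "distutils":
            continue
        secret = cfg.get(section, "password", fallback="").strip()
        if not secret:
            continue  # nothing stored: the tool prompts or uses a keyring
        user = cfg.get(section, "username", fallback="")
        kind = "api-token" if user == "__token__" else "password"
        hits.append((section, user, kind))
    return hits


def scan_tree(root: str) -> List[Tuple[str, List[Tuple[str, str, str]]]]:
    """Hypothetical pre-commit walk: every .pypirc under root with stored
    secrets, as (path, findings). Unreadable or malformed files are skipped."""
    results = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if ".pypirc" not in filenames:
            continue
        path = os.path.join(dirpath, ".pypirc")
        try:
            with open(path, encoding="utf-8", errors="replace") as fh:
                findings = find_stored_secrets(fh.read())
        except (OSError, configparser.Error):
            continue
        if findings:
            results.append((path, findings))
    return results


if __name__ == "__main__":
    for section, user, kind in find_stored_secrets(SAMPLE_PYPIRC):
        print(f"[{section}] stores a {kind} for user {user!r}")
```

A stored API token is still a finding: it is narrower than a password (upload only, possibly project-scoped) but it is a bearer credential, and the upload endpoint is exactly what a supply-chain attacker wants.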
97 |
98 | Timeline
99 | --------
100 |
101 | Timeline using the disclosure date **2017-11-05** as reference:
102 |
103 | * 2017-11-05 Issue reported by Joachim Jablon to a single member of the security team listed in our security policy on `pypi.org `_
104 | * 2017-11-08 (**+3days**): Issue reported by Joachim Jablon to an additional member of the security team listed in our security policy on `pypi.org `_
105 | * 2017-11-08 (**+3days**): Issue reported by Joachim Jablon to all members of the security team listed in our security policy on `pypi.org `_
106 | * 2017-11-08 (**+3days**): Report investigated by `Ernest W. Durbin III `_ and determined to be valid.
107 | * 2017-11-09 (**+4days**): Administrative password resets issued.
108 |
--------------------------------------------------------------------------------
/pypi-vuln/index-2020-01-05-authentication_method_flaws.rst:
--------------------------------------------------------------------------------
1 | ==========================================
2 | Authentication Flaws in 2FA and API Tokens
3 | ==========================================
4 |
5 | Introduction
6 | ============
7 |
8 | PyPI implemented 2FA and API Tokens in 2019 as part of funded work to better
9 | secure the service for Project Maintainers and Python users installing from
10 | the index.
11 |
12 | Two flaws were identified in the authentication policies which allowed API
13 | Tokens and Basic Authentication to access resources they should not have had
14 | access to, additionally bypassing two factor authentication.
15 |
16 | * Disclosure date: **2020-01-05** (Reported via security policy on `pypi.org `_)
17 | * Disclosed by: Joachim Jablon
18 | * Bounty awarded to discloser: $500 USD for multiple reports in Q1 2020
19 |
20 | Reported vulnerabilities
21 | ========================
22 |
23 | Web UI Authentication and 2FA bypass via API Tokens (Macaroons)
24 | ---------------------------------------------------------------
25 |
26 | API tokens are advertised as only being valid for uploads; however, by setting
27 | the appropriate header, :code:`Authorization: token pypi-.....`, requests for
28 | arbitrary actions could be made with the equivalent of a standard session.
29 |
30 | Thus leaked API tokens, regardless of scope, may have had a much bigger impact
31 | than advertised (uploading rogue releases vs deleting releases/projects or
32 | modifying user account components).
33 |
34 | Initially resolved in: https://github.com/pypa/warehouse/pull/7184
35 |
36 | Web UI 2FA bypass via Basic Auth
37 | --------------------------------
38 |
39 | Similar to above, constructing and setting the appropriate header,
40 | :code:`Authorization: Basic `, requests for arbitrary actions could be
41 | made with the equivalent of a standard session.
42 |
43 | Thus, 2FA bypass was possible if an attacker had the username and password for
44 | a user.
45 |
46 | Initially resolved in: https://github.com/pypa/warehouse/pull/7186
47 |
48 | Assessment
49 | ==========
50 |
51 | We are unable to directly determine if either of these vulnerabilities were
52 | exploited. PyPI stores an Audit Log of events modifying user accounts and
53 | projects on the service. These log successful logins via the login form but
54 | were not configured to log authentication via other methods as they were
55 | assumed to be associated with package uploads only, which are logged
56 | separately.
57 |
58 | Recommendations
59 | ===============
60 |
61 | Users are encouraged to review their `Account Security History `_
62 | regularly to determine if any suspicious activity has taken place. If you
63 | identify any such activity, please report it per `our published security policy `_.
64 |
65 | Timeline
66 | ========
67 |
68 | * 2020-01-05 Issue reported by Joachim Jablon to security@python.org per PyPI
69 | security policy on `pypi.org `_
70 | * 2020-01-05 (**+0days**): Reports investigated by Ernest W. Durbin III and
71 | determined to be valid.
72 | * 2020-01-05 (**+0days**): Fixes deployed and verified.
73 |
--------------------------------------------------------------------------------
/pypi-vuln/index-2020-02-22-upload_endpoint_csrf.rst:
--------------------------------------------------------------------------------
1 | ==================================
2 | Upload endpoint CSRF vulnerability
3 | ==================================
4 |
5 | Summary
6 | =======
7 |
8 | A `Cross Site Request Forgery `_
9 | vulnerability was discovered in the endpoint which accepts uploads to PyPI.
10 |
11 | * Disclosure date: **2020-02-22** (Reported via security policy on `pypi.org `_)
12 | * Disclosed by: Joachim Jablon
13 | * Bounty awarded to discloser: $500 USD for multiple reports in Q1 2020
14 |
15 | Reported vulnerability
16 | ======================
17 |
18 | Upload endpoint vulnerable to CSRF
19 | ----------------------------------
20 |
21 | Although PyPI implements CSRF protection for endpoints with side effects
22 | throughout the views and endpoints for the primary web user interface, that
23 | protection is not implemented for the upload endpoint at
24 | https://upload.pypi.org/legacy/. This endpoint is not intended for browsers,
25 | but rather clients such as `setuptools `_
26 | and `twine `_ which do not authenticate using
27 | HTTP Sessions or Cookies.
28 |
29 | The upload endpoint was misconfigured to accept HTTP Session authentication
30 | cookies from pypi.org. Combined with intentional disabling of CSRF protection
31 | on this endpoint, an attacker could have constructed a form to trick PyPI users
32 | into uploading releases to PyPI.
33 |
34 | Initially resolved in: https://github.com/pypa/warehouse/pull/7432
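
Both the 2020-01-05 authentication-method flaws and this CSRF finding reduce to one policy question: which credential types each class of endpoint may accept. The following is an added example written for this page, not Warehouse code. It models a request with a handful of fields and uses assumed names (``/legacy/`` as the upload path, a ``session_id`` cookie) to show the pre-fix behaviour, where any valid credential is treated like a logged-in session, beside a hardened policy that accepts macaroons and Basic credentials only on the upload endpoint and session cookies only on the web UI. It also logs every authentication decision, not only form logins, so the audit gap described under Assessment does not recur.

```python
import base64
import logging
from dataclasses import dataclass, field

log = logging.getLogger("pypi.auth")

UPLOAD_PREFIX = "/legacy/"      # assumed: upload.pypi.org/legacy/ in the real service
SESSION_COOKIE = "session_id"   # assumed cookie name


@dataclass
class Request:
    """Constructed stand-in carrying only what the policy looks at."""
    path: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)


def classify_auth(req):
    """Return (method, principal) for the credential a request presents.

    Header credentials win over cookies, matching the bypass the advisory
    describes: a client that sets ``Authorization`` is judged on that header.
    """
    scheme, _, value = req.headers.get("Authorization", "").partition(" ")
    scheme = scheme.lower()
    if scheme == "token" and value.startswith("pypi-"):
        return "macaroon", "token:" + value[:12]   # log a prefix, never the secret
    if scheme == "basic":
        try:
            user = base64.b64decode(value).decode().split(":", 1)[0]
        except (ValueError, UnicodeDecodeError):
            return None, None
        return "basic", user
    if SESSION_COOKIE in req.cookies:
        return "session", "session:" + req.cookies[SESSION_COOKIE][:8]
    return None, None


def authorize_vulnerable(req):
    """Pre-fix behaviour: any valid credential counts as a logged-in session."""
    method, _ = classify_auth(req)
    return method is not None


# Credential types each route class accepts. Header credentials are confined to
# the upload endpoint, so a token or password that never passed 2FA cannot reach
# the web UI; cookies are ignored on the upload endpoint, so a forged browser
# form (the CSRF case) arrives unauthenticated.
ALLOWED = {
    "upload": {"macaroon", "basic"},
    "web": {"session"},
}


def authorize_fixed(req):
    method, principal = classify_auth(req)
    route = "upload" if req.path.startswith(UPLOAD_PREFIX) else "web"
    allowed = method in ALLOWED[route]
    # Record every decision, including header-based ones, so an audit can
    # later answer whether the flaw was ever exercised.
    log.info("auth method=%s principal=%s path=%s allowed=%s",
             method, principal, req.path, allowed)
    return allowed
```

The policy is deliberately expressed as an allow-list per route class rather than a deny-list of known-bad combinations; a new credential type (for example a future OIDC-minted token) is rejected everywhere until someone decides where it belongs.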
35 |
36 | Assessment
37 | ==========
38 |
39 | We are unable to directly determine if this vulnerability was
40 | exploited. PyPI stores an Audit Log of events modifying user accounts and
41 | projects on the service. These log successful logins via the login form but
42 | were not configured to log authentication via other methods as they were
43 | assumed to be associated with package uploads only, which are logged
44 | separately.
45 |
46 | Recommendations
47 | ===============
48 |
49 | Users are encouraged to review their `Account Security History `_
50 | regularly to determine if any suspicious activity has taken place. If you
51 | identify any such activity, please report it per `our published security policy `_.
52 |
53 | Timeline
54 | ========
55 |
56 | * 2020-02-22 Issue reported by Joachim Jablon to security@python.org per PyPI
57 | security policy on `pypi.org `_
58 | * 2020-02-23 (**+1days**): Report investigated by Ernest W. Durbin III and
59 | determined to be valid.
60 | * 2020-02-24 (**+2days**): Fixes reviewed by PyPI administrators, deployed, and
61 | verified.
62 |
--------------------------------------------------------------------------------
/pypi-vuln/index-2021-06-15-unintended-deployments.rst:
--------------------------------------------------------------------------------
1 | ======================================
2 | Unintended Deployments to PyPI Servers
3 | ======================================
4 |
5 | Summary
6 | =======
7 |
8 | On June 15, 2021 an exploitable vulnerability in the deployment tooling for
9 | `PyPI `_ was discovered by a PyPI administrator.
10 |
11 | This vulnerability allowed for arbitrary code which passed the continuous
12 | integration suite to be deployed to the servers that run PyPI without approval
13 | or merge to the `warehouse codebase `_.
14 |
15 | Two instances of unmerged and unapproved changes being deployed were discovered:
16 |
17 | * March 17, 2021 - https://github.com/pypa/warehouse/pull/9245
18 | * June 15, 2021 - https://github.com/pypa/warehouse/pull/9669
19 |
20 | In both cases, there was no malicious intent and the changes would later be
21 | approved and merged by PyPI administrators.
22 |
23 | In review and audit, PyPI administrators were able to confirm that no other
24 | actors attempted or succeeded in initiating an unapproved deployment.
25 |
26 | Analysis
27 | ========
28 |
29 | The root cause of this vulnerability was misinterpretation of the ``check_suite``
30 | event from GitHub. Initially it was thought that the value for
31 | ``repository->full_name`` in the payload was the repository from which the commit
32 | under test originated, when in actuality it is the repository in which the
33 | check suite ran.
34 |
35 | ::
36 |
37 |     installation_id = hook.payload['installation']['id']
38 |     # The repository in which the check suite ran, not the one the commit came from
39 |     repository_name = hook.payload['repository']['full_name']
40 |     branch_names = [hook.payload['check_suite']['head_branch']]
41 |
42 |     applications = Application.query.filter(and_(
43 |         Application.auto_deploy_branch.in_(branch_names),
44 |         Application.github_app_installation_id == installation_id,
45 |         Application.github_repository == repository_name,
46 |     )).all()
46 |
47 | When filtering the repository name and branch to determine if a deployment was
48 | required, as above, this allowed for any Pull Request opened against the
49 | repository originating from any branch called ``main`` to initiate a deploy as
50 | long as the continuous integration run succeeded.
51 |
52 | Mitigation
53 | ==========
54 | Because the payload of the ``check_suite`` hook does not contain the necessary
55 | information to determine the original repository to which the branch and commit
56 | belong, our deployment tooling began processing ``push`` events.
57 |
58 | The ``push`` event is only fired for branches belonging to the repository, but
59 | can be further verified by checking the value of
60 | ``hook.payload['repository']['full_name']`` and ``hook.payload['ref']`` to ensure
61 | that it originated from the authentic
62 | `warehouse repository `_.
63 |
64 | ``push`` events which could potentially initiate a deployment are marked as
65 | deployable when they originate from the specific repository and branch
66 | configured (``pypa/warehouse:main``).
67 |
68 | All further ``check_suite`` events are filtered on whether or not an associated
69 | ``push`` event was marked as deployable.
70 |
71 | This was validated via a
72 | `test Pull Request `_.
73 | No deployment was initiated until after merge.
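
An added example, not the PyPI deployment tooling's code, showing the two decision procedures side by side on constructed payload fragments shaped like GitHub's ``push`` and ``check_suite`` events (only the fields used here). The ``Deployer`` class and its method names are assumptions for illustration; the repository and branch are the ones the advisory gives.

```python
DEPLOY_REPO = "pypa/warehouse"
DEPLOY_BRANCH = "main"


class Deployer:
    """Stand-in for the deployment tooling: records which SHAs it would ship."""

    def __init__(self):
        self.deployable_shas = set()   # SHAs marked by an authentic push
        self.deployed = []

    def on_push(self, payload):
        # push events are only delivered for branches of the repository the app
        # is installed on; full_name plus ref therefore identify the authentic
        # branch, and a push in a fork never arrives here.
        if payload["repository"]["full_name"] != DEPLOY_REPO:
            return False
        if payload["ref"] != f"refs/heads/{DEPLOY_BRANCH}":
            return False
        self.deployable_shas.add(payload["after"])
        return True

    def on_check_suite_vulnerable(self, payload):
        # Pre-fix logic: repository.full_name is where the suite *ran*, which
        # is pypa/warehouse for every PR, fork-originated ones included, so a
        # fork branch named "main" with green CI satisfies all three tests.
        cs = payload["check_suite"]
        if (payload["repository"]["full_name"] == DEPLOY_REPO
                and cs["head_branch"] == DEPLOY_BRANCH
                and cs["conclusion"] == "success"):
            self.deployed.append(cs["head_sha"])
            return True
        return False

    def on_check_suite_fixed(self, payload):
        cs = payload["check_suite"]
        if cs["conclusion"] != "success":
            return False
        # Deploy only a SHA that an authentic push to the configured branch
        # marked beforehand; the check_suite payload alone is never trusted.
        if cs["head_sha"] not in self.deployable_shas:
            return False
        self.deployed.append(cs["head_sha"])
        return True


def fork_pr_check_suite(sha):
    """Constructed check_suite event for a PR whose fork branch is named main."""
    return {"repository": {"full_name": DEPLOY_REPO},
            "check_suite": {"head_branch": "main", "head_sha": sha,
                            "conclusion": "success"}}


def trusted_push(sha):
    """Constructed push event for a commit landing on pypa/warehouse:main."""
    return {"repository": {"full_name": DEPLOY_REPO},
            "ref": "refs/heads/main", "after": sha}
```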
74 |
75 | Audit
76 | =====
77 |
78 | The deployment tooling for PyPI keeps a full history of all inbound hooks it
79 | has received, and the actions taken after processing.
80 |
81 | In review, we were able to identify the two unintended deployments using this
82 | log and review them. No other instances, malicious or accidental, of this were
83 | observed.
84 |
85 | Timeline
86 | ========
87 |
88 | * 2020-08-21 Deployment tooling updated to use the ``check_suite`` hook rather
89 | than ``status`` hook from GitHub to initiate deploys.
90 | * 2021-03-17 First instance (PR #9245) of unintentional deploy
91 | * 2021-06-15 Second instance (PR #9669) of unintentional deploy
92 | * 2021-06-15 PyPI Administrator alerts team to suspicious deployment notifications on PR #9669
93 | * 2021-06-15 Deployment tooling for PyPI disabled
94 | * 2021-06-15 Fix developed and tested
95 | * 2021-06-15 Deployment tooling for PyPI re-enabled
96 |
--------------------------------------------------------------------------------
/pypi-vuln/index-2021-07-26-legacy-document-deletion.rst:
--------------------------------------------------------------------------------
1 | =================================================
2 | Vulnerability in Legacy Document Deletion on PyPI
3 | =================================================
4 |
5 | An exploitable vulnerability in the mechanism for deleting legacy hosted
6 | documentation on `PyPI `_ was discovered by a security researcher, which
7 | would allow an attacker to remove documentation for projects not under their control.
8 |
9 | * Disclosure date: **2021-07-25** (Reported via security policy on `pypi.org `_)
10 | * Disclosed by: `RyotaK `_
11 | * Bounty awarded to discloser: $1,000 USD for multiple reports in 2021-07
12 |
13 | Summary
14 | =======
15 |
16 | At one point PyPI supported uploading documentation in addition to distribution
17 | files. This functionality was under-utilized and slowly deprecated/removed
18 | starting in `2016
19 | `_ and
20 | was not included in the 2018 re-write of PyPI.
21 |
22 | Instead, for projects that had previously hosted documentation on PyPI, the new PyPI
23 | presented them with the ability to remove/destroy the existing documentation on
24 | PyPI in favor of using an external service.
25 |
26 | To quote the discloser:
27 |
28 | This feature was added a few years ago by this pull request:
29 | https://github.com/pypa/warehouse/pull/3413 As you can see from the pull
30 | request above, there is an endpoint located at
31 | ``manage/project/{project_name}/delete_project_docs/`` that deletes the
32 | legacy documentation. And this endpoint calls the ``destroy_docs`` function
33 | which passes ``project.name`` into ``remove_documentation`` function.
34 |
35 | Then, ``remove_documentation`` passes ``project_name`` into the ``remove_by_prefix``
36 | function of ``S3DocsStorage``.
37 |
38 | Since ``remove_by_prefix`` uses list_objects_v2 with the prefix, all files
39 | that start with the specified project name will be returned. (e.g. If ``p``
40 | is specified in the prefix, it will return ``pypi``, ``pip``, ``python``...
41 | etc.)
42 |
43 | As far as I can see from this code, there is no suffix in the project
44 | name (e.g. ``/``).
45 |
46 | This means that if there is a project called ``examp``, and their owner
47 | decides to delete the legacy documentation, documentation for projects that
48 | have a name starting with ``examp`` will be deleted. (e.g. ``example``)
49 |
50 |
51 | Analysis
52 | ========
53 |
54 | Many projects implement "pseudo-namespaces" on PyPI, for discoverability and
55 | organizational purposes, particularly those which implement plugin or extension
56 | frameworks. In our analysis, the only impact of this vulnerability appears to
57 | have been accidental, in which maintainers for a top-level project (e.g.
58 | ``framework``) intentionally initiated documentation deletion for their
59 | project, which then cascaded to plugin/extension projects which shared the
60 | prefix (e.g. ``framework.foo``, ``framework-bar``).
61 |
62 | Mitigation
63 | ==========
64 |
65 | This vulnerability was fixed in https://github.com/pypa/warehouse/pull/9839 via
66 | https://github.com/pypa/warehouse/pull/9839/commits/3afcac795619b0b06007d0fb179d3ca137ed43b7
67 | by adding a trailing slash to the project name used with ``remove_by_prefix``.
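
An added example (not Warehouse's ``S3DocsStorage``) that reproduces the prefix-match semantics of ``list_objects_v2(Prefix=...)`` with an in-memory bucket and shows the pre-fix and post-fix calls on constructed keys, including the plugin/extension pattern from the Analysis section.

```python
class FakeDocsBucket:
    """Minimal stand-in for the S3 bucket: object keys plus prefix listing."""

    def __init__(self, keys):
        self.keys = set(keys)

    def list_objects(self, prefix):
        # S3 prefix listing is a plain string prefix match on the key, with no
        # notion of directory boundaries.
        return sorted(k for k in self.keys if k.startswith(prefix))

    def remove_by_prefix(self, prefix):
        doomed = self.list_objects(prefix)
        self.keys.difference_update(doomed)
        return doomed


def remove_documentation_vulnerable(bucket, project_name):
    """Pre-fix: the bare project name is the prefix."""
    return bucket.remove_by_prefix(project_name)


def remove_documentation_fixed(bucket, project_name):
    """Fix from PR #9839: terminate the prefix at the directory boundary so
    only keys under ``<project>/`` match."""
    return bucket.remove_by_prefix(project_name + "/")


# Constructed key listing: docs for each project live under "<name>/".
SAMPLE_KEYS = [
    "examp/index.html",
    "example/index.html",
    "example/api.html",
    "example-extra/index.html",
    "framework/index.html",
    "framework.foo/index.html",
    "framework-bar/index.html",
]
```

The same class of bug appears wherever a storage API offers prefix queries (S3, GCS, Redis ``SCAN MATCH``, filesystem globs): the caller must supply the delimiter, because the store will not.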
68 |
69 | Audit
70 | =====
71 |
72 | A dump of Project ``name`` and ``has_docs`` flags from the database, Journal
73 | and Project Event records implemented by PyPI, along with a full listing of the
74 | documentation hosting S3 bucket were collected for audit and analysis.
75 |
76 | By comparing the ``has_docs`` flag for each Project with the status of matching
77 | documentation in the S3 bucket listing, we were able to identify 96 Projects
78 | out of 3,632 for which the flag in the database was incorrect.
79 |
80 | This delta represents projects for which documentation on the legacy hosting
81 | service is "missing".
82 |
83 | 77 of the missing Project documents were identified as being accidentally
84 | deleted due to the extension/plugin concern discussed in the Analysis section.
85 |
86 | The remaining 19 missing Project documents are not explainable via the
87 | vulnerability discussed here, as no ``docdestroy`` events are recorded which
88 | share the prefix for their name. The legacy document hosting service
89 | administration has varied over the years, and it is very likely that these
90 | documents were directly removed by administrators or lost during migrations and
91 | recovery attempts.
92 |
93 | Timeline
94 | ========
95 |
96 | * 2018-03-25: "Destroy documentation" feature added in PR #3413
97 | * 2021-07-25: Issue reported by `RyotaK `_
98 | following guidelines in security policy on `pypi.org
99 | `_)
100 | * 2021-07-26 (**+1days**): Fix is implemented and deployed in `commit 036fdc
101 | `_
102 |
--------------------------------------------------------------------------------
/pypi-vuln/index-2021-07-27-combine-prs-workflow.rst:
--------------------------------------------------------------------------------
1 | =================================================
2 | Vulnerability in GitHub Actions workflow for PyPI
3 | =================================================
4 |
5 | An exploitable vulnerability in a GitHub Actions workflow for PyPI's source
6 | repository could allow an attacker to obtain write permissions against the
7 | ``pypa/warehouse`` repository.
8 |
9 | * Disclosure date: **2021-07-27** (Reported via security policy on `pypi.org `_)
10 | * Disclosed by: `RyotaK `_
11 | * Bounty awarded to discloser: $1,000 USD for multiple reports in 2021-07
12 |
13 | Summary
14 | =======
15 |
16 | The PyPI team uses `Dependabot `_ for automatic
17 | updates to the dependencies of the web application that powers PyPI. This tool
18 | generates a high volume of pull requests against the source repository, and
19 | `lacks a feature to group these updates into a single pull request
20 | `_
21 |
22 | To reduce the burden of merging multiple individual pull requests, the
23 | maintainers use `an open-source GitHub Action workflow
24 | `_ to group all Dependabot pull
25 | requests.
26 |
27 |
28 | To quote the security researcher:
29 |
30 | As ``combine-prs.yml`` will pick up pull requests that have ``dependabot`` as a
31 | prefix in the ``head.ref``, it's possible to force this workflow to pick up a
32 | malicious pull request.
33 |
34 | (As ``head.ref`` will return branch name even if it's in the forked
35 | repository, someone may create a branch name like ``dependabotasdf`` and
36 | it'll be picked by this workflow.)
37 |
38 | Since branch names can contain shell metacharacters, `this line `_ would be
39 | unsafe as the ``${{ }}`` expression is used. Because the ``${{ }}`` expression
40 | is evaluated before commands are passed to bash, it makes this workflow
41 | vulnerable to command injection.
42 |
43 | By combining these vulnerabilities, it's possible to obtain write
44 | permissions against the ``pypa/warehouse`` repository by the following ways:
45 |
46 | 1. Fork pypa/warehouse.
47 | 2. In forked repository, create a branch named
48 | ``dependabot;cat$IFS$(echo$IFS'LmdpdA=='|base64$IFS'-d')/config|base64;#``
49 | (This command will execute ``cat .git/config | base64``. As
50 | actions/checkout leaves GitHub token in the ``.git/config`` file by
51 | default, it's possible to obtain it from there.)
52 | 3. Add harmless modification to the created branch.
53 | 4. Create a pull request with a harmless name (e.g. "WIP")
54 | 5. Wait for Combine PRs to be triggered.
55 | 6. GitHub Token with write permissions against ``pypa/warehouse`` will be leaked.
56 |
57 | Analysis
58 | ========
59 |
60 | PyPI administrators analyzed the vulnerability and found it to be exploitable.
61 |
62 | Mitigation
63 | ==========
64 |
65 | This vulnerability was fixed in https://github.com/pypa/warehouse/pull/9846 via
66 | https://github.com/pypa/warehouse/pull/9846/commits/fb98c6bb4d68fb43944171214971f6c776f844ce
67 | and
68 | https://github.com/pypa/warehouse/pull/9846/commits/50bd16422889d653127d373c9615516bf883a394
69 | by matching against the PR creator username and not using an unnecessary
70 | ``echo``.
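
An added example, not part of the advisory or of the workflow it describes: a small linter that walks a workflow's ``run:`` scripts and reports ``${{ }}`` expressions whose context GitHub documents as attacker-controlled (branch names, PR and issue titles and bodies, commit messages), with step outputs flagged for review because they are tainted whenever the step echoed untrusted data. The two workflow texts are constructed stand-ins for the vulnerable pattern and the usual fix (route the value through ``env:`` so the shell receives a variable rather than interpolated code); they are not the actual ``combine-prs.yml``.

```python
import re

# Contexts GitHub documents as attacker-controlled for pull_request / issue
# triggered workflows. A prefix match covers indexed forms like
# github.event.commits[0].message.
UNTRUSTED = (
    "github.head_ref",
    "github.event.pull_request.head.ref",
    "github.event.pull_request.head.label",
    "github.event.pull_request.title",
    "github.event.pull_request.body",
    "github.event.issue.title",
    "github.event.issue.body",
    "github.event.comment.body",
    "github.event.review.body",
    "github.event.head_commit.message",
    "github.event.commits",
)
EXPR = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")
RUN_KEY = re.compile(r"^(\s*)(?:-\s+)?run:\s*(.*)$")


def run_lines(workflow_text):
    """Yield (lineno, text) for every line that belongs to a run: script."""
    lines = workflow_text.splitlines()
    i = 0
    while i < len(lines):
        m = RUN_KEY.match(lines[i])
        if not m:
            i += 1
            continue
        rest = m.group(2)
        key_col = lines[i].index("run:")
        if rest.startswith(("|", ">")):          # block scalar: body is indented deeper
            i += 1
            while i < len(lines) and (not lines[i].strip()
                                      or len(lines[i]) - len(lines[i].lstrip()) > key_col):
                yield i + 1, lines[i]
                i += 1
        else:                                    # inline script on the same line
            yield i + 1, rest
            i += 1


def classify(expr):
    if expr.startswith(UNTRUSTED):
        return "untrusted"
    if expr.startswith("steps.") and ".outputs." in expr:
        return "review"   # tainted if the producing step handled untrusted input
    return "ok"


def lint(workflow_text):
    """Return [(lineno, expression, verdict)] for risky expressions in run: scripts.

    Expressions elsewhere (env:, with:, if:) are not reported: there the value
    is data, not text spliced into a shell command before bash parses it.
    """
    findings = []
    for lineno, text in run_lines(workflow_text):
        for expr in EXPR.findall(text):
            verdict = classify(expr)
            if verdict != "ok":
                findings.append((lineno, expr, verdict))
    return findings


# Constructed workflow texts (simplified stand-ins, not the real combine-prs.yml).
VULNERABLE = """\
name: Combine PRs
on: workflow_dispatch
jobs:
  combine:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Create combined branch
        run: |
          echo "merging ${{ github.head_ref }}"
          git merge "${{ steps.fetch-branch-names.outputs.result }}"
"""

FIXED = """\
name: Combine PRs
on: workflow_dispatch
jobs:
  combine:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Create combined branch
        env:
          HEAD_REF: ${{ github.head_ref }}
        run: |
          echo "merging $HEAD_REF"
"""
```

The env-variable form is safe because the expression is expanded into the process environment, never into the script text; the shell then treats ``$HEAD_REF`` as one word (when quoted) whatever characters the branch name contains. The Warehouse fix took the complementary route of refusing to pick up branches unless the PR author was Dependabot.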
71 |
72 | Audit
73 | =====
74 |
75 | A successful exploitation of the vulnerability would be identifiable via an
76 | opened pull request against the ``pypa/warehouse`` repository, with the branch
77 | name prefixed with ``dependabot`` and created by a non-Dependabot user.
78 |
79 | The PyPI administrators analyzed all pull requests created against
80 | ``pypa/warehouse`` and found 2,874 pull requests with branches starting with
81 | ``dependabot``. All of these branches were created by the
82 | ``dependabot[bot]`` or ``dependabot-preview[bot]`` users, with the exception of two:
83 |
84 | * https://github.com/pypa/warehouse/pull/7275, created by a PyPI administrator
85 | * https://github.com/pypa/warehouse/pull/6916, a drive-by PR from an unfamiliar
86 | user
87 |
88 | The PyPI administrators analyzed the PR from the unknown user and determined
89 | that it was not attempting to exploit the vulnerability as it lacked a
90 | malicious branch name. In addition, this PR was not picked up by a run of the
91 | workflow at any point.
92 |
93 | Timeline
94 | ========
95 |
96 | * 2020-10-12: "Combine PRs" workflow added in PR #8694
97 | * 2021-07-27: Issue reported by `RyotaK `_
98 | following guidelines in security policy on `pypi.org
99 | `_)
100 | * 2021-07-27 (**+0days**): Fix is implemented and deployed in `commit 33ad32
101 | `_
102 |
--------------------------------------------------------------------------------
/pypi-vuln/index-2021-07-27-role-deletion.rst:
--------------------------------------------------------------------------------
1 | ======================================
2 | Vulnerability in Role Deletion on PyPI
3 | ======================================
4 |
5 | An exploitable vulnerability in the mechanisms for deleting roles on `PyPI
6 | `_ was discovered by a security researcher, which would allow
7 | an attacker to remove roles for projects not under their control.
8 |
9 | * Disclosure date: **2021-07-26** (Reported via security policy on `pypi.org `_)
10 | * Disclosed by: `RyotaK `_
11 | * Bounty awarded to discloser: $1,000 USD for multiple reports in 2021-07
12 |
13 | Summary
14 | =======
15 |
16 | PyPI has two types of permissions for users relative to projects: ``Owner`` and
17 | ``Maintainer``. Permissions are stored by mapping a user ID to a project ID,
18 | with a permission, as a role. Each role has a unique ID.
19 |
20 | PyPI users have the ability to remove roles for the projects they have the
21 | ``Owner`` role for. This is done via a web form by ``POST``-ing the role ID to
22 | an endpoint dedicated to deleting roles.
23 |
24 | This endpoint is guarded by a permissions check to ensure the current user has
25 | the ``Owner`` role on the current project. However, when querying for the role
26 | by ID, the query was missing a check that the current project matches the
27 | project the role is associated with.
28 |
29 | This would enable any user to delete any role if they were able to procure a
30 | valid role ID.
31 |
32 | Analysis
33 | ========
34 |
35 | Role IDs are represented on PyPI as UUIDs, and are therefore pseudo-random and
36 | not enumerable. In addition, role IDs for a given project are only exposed to
37 | any user with the ``Owner`` role on that project (via the same webform for
38 | deleting roles).
39 |
40 | Given this, the PyPI administrators determined that it would not be possible
41 | for an attacker to acquire a role ID that they didn't already have the ability
42 | to delete, and that any successful exploitation of this vulnerability would
43 | require a high volume of requests in attempt to brute force a role ID. In
44 | addition, any successful exploitation would only have the ability to remove a
45 | random role ID, and not a role for a specific user or project.
46 |
47 | Mitigation
48 | ==========
49 |
50 | This vulnerability was fixed in https://github.com/pypa/warehouse/pull/9845 via
51 | https://github.com/pypa/warehouse/pull/9845/commits/7605bee1e77319000f71f5b60959a35c8e482161
52 | by adding a filter on the current project to the query for the role.
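
An added example, not Warehouse's models or views, reproducing the missing-filter bug with the standard library's ``sqlite3``: the permission check on the current project is correct in both versions, but only the fixed query ties the role being deleted to that project. Table and column names are constructed for the example.

```python
import sqlite3
import uuid

# Constructed schema approximating the relationship the advisory describes:
# a role maps a user to a project with a permission, keyed by a UUID.
SCHEMA = """
CREATE TABLE roles (
    id           TEXT PRIMARY KEY,
    user_name    TEXT NOT NULL,
    project_name TEXT NOT NULL,
    role_name    TEXT NOT NULL CHECK (role_name IN ('Owner', 'Maintainer'))
);
"""


def fresh_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def add_role(db, user, project, role):
    role_id = str(uuid.uuid4())   # pseudo-random, not enumerable, as on PyPI
    db.execute("INSERT INTO roles VALUES (?, ?, ?, ?)", (role_id, user, project, role))
    return role_id


def is_owner(db, user, project):
    row = db.execute(
        "SELECT 1 FROM roles WHERE user_name=? AND project_name=? AND role_name='Owner'",
        (user, project)).fetchone()
    return row is not None


def delete_role_vulnerable(db, current_user, current_project, role_id):
    """The guard is right; the lookup is not: any role ID is accepted."""
    if not is_owner(db, current_user, current_project):
        raise PermissionError("not an owner of this project")
    cur = db.execute("DELETE FROM roles WHERE id=?", (role_id,))
    return cur.rowcount


def delete_role_fixed(db, current_user, current_project, role_id):
    """Fix from PR #9845: the role must belong to the project being managed."""
    if not is_owner(db, current_user, current_project):
        raise PermissionError("not an owner of this project")
    cur = db.execute("DELETE FROM roles WHERE id=? AND project_name=?",
                     (role_id, current_project))
    return cur.rowcount
```

The general rule this illustrates: an authorization check on the *request context* (am I an owner here?) does not cover the *object* (is this role part of here?); every lookup by client-supplied ID needs the tenant or parent scope in the query itself.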
53 |
54 | Audit
55 | =====
56 |
57 | The PyPI administrators analyzed incidences of high-volume traffic to the role
58 | deletion endpoint, and found two days where the quantity of requests to this
59 | endpoint were far above average (>200 requests per day). The PyPI
60 | administrators analyzed all role deletions on these days and found them to be
61 | legitimate bulk removals of roles.
62 |
63 | Timeline
64 | ========
65 |
66 | * 2018-01-22: "Role management" feature added in PR #2705
67 | * 2021-07-26: Issue reported by `RyotaK `_
68 | following guidelines in security policy on `pypi.org
69 | `_)
70 | * 2021-07-27 (**+1days**): Fix is implemented and deployed in `commit 7605be
71 | `_
72 |
--------------------------------------------------------------------------------
/python_releases.txt:
--------------------------------------------------------------------------------
1 | 0.9.8: 1993-01-10
2 | 0.9.9: 1993-07-29
3 |
4 | 1.0.1: 1994-02-15
5 | 1.0.2: 1994-05-06
6 |
7 | 1.1.0: 1994-10-11
8 | 1.1.1: 1994-11-10
9 |
10 | 1.2.0: 1995-04-10
11 |
12 | 1.3.0: 1995-10-12
13 |
14 | 1.4.0: 1996-10-25
15 |
16 | 1.5.0: 1997-12-31
17 | 1.5.1: 1998-04-14
18 | 1.5.2: 1999-04-13
19 |
20 | 2.0.0: 2000-10-16
21 | 2.0.1: 2001-06-22
22 |
23 | 2.1.0: 2001-04-16
24 | 2.1.1: 2001-07-20
25 | 2.1.2: 2002-01-15
26 | 2.1.3: 2002-04-09
27 |
28 | 2.2.0: 2002-03-29
29 | 2.2.1: 2002-04-09
30 | 2.2.2: 2002-10-14
31 | 2.2.3: 2003-05-30
32 |
33 | 2.3.1: 2003-09-24
34 | 2.3.2: 2003-10-02
35 | 2.3.3: 2003-12-19
36 | 2.3.4: 2004-05-27
37 | 2.3.5: 2005-02-08
38 | 2.3.6: 2006-11-01
39 | 2.3.7: 2008-03-11
40 |
41 | 2.4.0: 2004-11-30
42 | 2.4.1: 2005-03-30
43 | 2.4.2: 2005-09-28
44 | 2.4.3: 2006-03-28
45 | 2.4.4: 2006-10-18
46 | 2.4.5: 2008-03-11
47 | 2.4.6: 2008-12-19
48 |
49 | 2.5.0: 2006-09-18
50 | 2.5.1: 2007-04-18
51 | 2.5.2: 2008-02-21
52 | 2.5.3: 2008-12-19
53 | 2.5.4: 2008-12-23
54 | 2.5.5: 2010-01-31
55 | 2.5.6: 2011-05-28
56 |
57 | 2.6.0: 2008-10-01
58 | 2.6.1: 2008-12-04
59 | 2.6.2: 2009-04-14
60 | 2.6.3: 2009-10-01
61 | 2.6.4: 2009-10-26
62 | 2.6.5: 2010-03-18
63 | 2.6.6: 2010-08-23
64 | 2.6.7: 2011-06-04
65 | 2.6.8: 2012-04-10
66 | 2.6.9: 2013-10-29
67 |
68 | 2.7.0: 2010-07-03
69 | 2.7.1: 2010-11-27
70 | 2.7.2: 2011-06-11
71 | 2.7.3: 2012-04-09
72 | 2.7.4: 2013-04-06
73 | 2.7.5: 2013-05-12
74 | 2.7.6: 2013-11-10
75 | 2.7.7: 2014-05-31
76 | 2.7.8: 2014-06-30
77 | 2.7.9: 2014-12-10
78 | 2.7.10: 2015-05-23
79 | 2.7.11: 2015-12-05
80 | 2.7.12: 2016-06-25
81 | 2.7.13: 2016-12-17
82 | 2.7.14: 2017-09-16
83 | 2.7.15: 2018-04-29
84 | 2.7.16: 2019-03-02
85 | 2.7.17: 2019-10-19
86 | 2.7.18: 2020-04-19
87 |
88 | 3.0.0: 2008-12-03
89 | 3.0.1: 2009-02-12
90 |
91 | 3.1.0: 2009-06-26
92 | 3.1.1: 2009-08-16
93 | 3.1.2: 2010-03-20
94 | 3.1.3: 2010-11-27
95 | 3.1.4: 2011-06-11
96 | 3.1.5: 2012-04-06
97 |
98 | 3.2.0: 2011-02-20
99 | 3.2.1: 2011-07-09
100 | 3.2.2: 2011-08-25
101 | 3.2.3: 2012-04-10
102 | 3.2.4: 2013-04-06
103 | 3.2.5: 2013-05-12
104 | 3.2.6: 2014-10-12
105 |
106 | 3.3.0: 2012-09-29
107 | 3.3.1: 2013-04-06
108 | 3.3.2: 2013-05-12
109 | 3.3.3: 2013-11-17
110 | 3.3.4: 2014-02-09
111 | 3.3.5: 2014-03-09
112 | 3.3.6: 2014-10-12
113 | 3.3.7: 2017-09-19
114 |
115 | 3.4.0: 2014-03-16
116 | 3.4.1: 2014-05-18
117 | 3.4.2: 2014-10-06
118 | 3.4.3: 2015-02-25
119 | 3.4.4: 2015-12-20
120 | 3.4.5: 2016-06-25
121 | 3.4.6: 2017-01-16
122 | 3.4.7: 2017-08-09
123 | 3.4.8: 2018-02-04
124 | 3.4.9: 2018-08-02
125 | 3.4.10: 2019-03-18
126 |
127 | 3.5.0: 2015-09-12
128 | 3.5.1: 2015-12-06
129 | 3.5.2: 2016-06-25
130 | 3.5.3: 2017-01-16
131 | 3.5.4: 2017-08-07
132 | 3.5.5: 2018-02-04
133 | 3.5.6: 2018-08-02
134 | 3.5.7: 2019-03-18
135 | 3.5.8: 2019-10-29
136 | 3.5.9: 2019-11-01
137 | 3.5.10: 2020-09-05
138 |
139 | 3.6.0: 2016-12-22
140 | 3.6.1: 2017-03-21
141 | 3.6.2: 2017-07-08
142 | 3.6.3: 2017-10-03
143 | 3.6.4: 2017-12-19
144 | 3.6.5: 2018-03-28
145 | 3.6.6: 2018-06-26
146 | 3.6.7: 2018-10-20
147 | 3.6.8: 2018-12-23
148 | 3.6.9: 2019-07-02
149 | 3.6.10: 2019-12-18
150 | 3.6.11: 2020-06-27
151 | 3.6.12: 2020-08-15
152 | 3.6.13: 2021-02-16
153 | 3.6.14: 2021-06-28
154 | 3.6.15: 2021-09-04
155 |
156 | 3.7.0: 2018-06-27
157 | 3.7.1: 2018-10-20
158 | 3.7.2: 2018-12-23
159 | 3.7.3: 2019-03-25
160 | 3.7.4: 2019-07-08
161 | 3.7.5: 2019-10-14
162 | 3.7.6: 2019-12-18
163 | 3.7.7: 2020-03-10
164 | 3.7.8: 2020-06-27
165 | 3.7.9: 2020-08-15
166 | 3.7.10: 2021-02-16
167 | 3.7.11: 2021-06-28
168 | 3.7.12: 2021-09-04
169 | 3.7.13: 2022-03-16
170 | 3.7.14: 2022-09-06
171 | 3.7.15: 2022-10-10
172 | 3.7.16: 2022-12-06
173 | 3.7.17: 2023-06-05
174 |
175 | 3.8.0: 2019-10-14
176 | 3.8.1: 2019-12-18
177 | 3.8.2: 2020-02-24
178 | 3.8.3: 2020-05-13
179 | 3.8.4: 2020-07-13
180 | 3.8.5: 2020-07-20
181 | 3.8.6: 2020-09-23
182 | 3.8.7: 2020-12-21
183 | 3.8.8: 2021-02-19
184 | 3.8.9: 2021-04-02
185 | 3.8.10: 2021-05-03
186 | 3.8.11: 2021-06-28
187 | 3.8.12: 2021-08-30
188 | 3.8.13: 2022-03-16
189 | 3.8.14: 2022-09-06
190 | 3.8.15: 2022-10-11
191 | 3.8.16: 2022-12-06
192 | 3.8.17: 2023-06-06
193 | 3.8.18: 2023-08-24
194 |
195 | 3.9.0: 2020-10-05
196 | 3.9.1: 2020-12-07
197 | 3.9.2: 2021-02-19
198 | 3.9.3: 2021-04-02
199 | 3.9.4: 2021-04-04
200 | 3.9.5: 2021-05-03
201 | 3.9.6: 2021-06-28
202 | 3.9.7: 2021-08-30
203 | 3.9.8: 2021-11-05
204 | 3.9.9: 2021-11-15
205 | 3.9.10: 2022-01-13
206 | 3.9.11: 2022-03-16
207 | 3.9.12: 2022-03-23
208 | 3.9.13: 2022-05-17
209 | 3.9.14: 2022-09-06
210 | 3.9.15: 2022-10-11
211 | 3.9.16: 2022-12-06
212 | 3.9.17: 2023-06-06
213 | 3.9.18: 2023-08-24
214 |
215 | 3.10.0: 2021-10-04
216 | 3.10.1: 2021-12-06
217 | 3.10.2: 2022-01-13
218 | 3.10.3: 2022-03-16
219 | 3.10.4: 2022-03-23
220 | 3.10.5: 2022-06-06
221 | 3.10.6: 2022-08-01
222 | 3.10.7: 2022-09-05
223 | 3.10.8: 2022-10-11
224 | 3.10.9: 2022-12-06
225 | 3.10.10: 2023-02-07
226 | 3.10.11: 2023-04-04
227 | 3.10.12: 2023-06-06
228 | 3.10.13: 2023-08-24
229 |
230 | 3.11.0: 2022-10-24
231 | 3.11.1: 2022-12-06
232 | 3.11.2: 2023-02-07
233 | 3.11.3: 2023-04-04
234 | 3.11.4: 2023-06-06
235 | 3.11.5: 2023-08-24
236 |
--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
1 | PyYAML
2 | Sphinx
3 | PyGithub
4 |
--------------------------------------------------------------------------------
/security.rst:
--------------------------------------------------------------------------------
1 | +++++++++++++++
2 | Python Security
3 | +++++++++++++++
4 |
5 | Python Security model
6 | =====================
7 |
8 | Python doesn't implement `privilege separation
9 | `_ (not "inside" Python) to
10 | reduce the attack surface of Python. Once an attacker is able to execute
11 | arbitrary Python code, the attacker basically gets full access to the system.
12 | Privilege separation can be implemented "outside" Python by putting Python
13 | inside a sandbox.
14 |
15 | Example with `bpo-36506 `_ (closed as not a
16 | bug): ``getattr()`` executes arbitrary code by design, it's not a
17 | vulnerability.
18 |
19 | Bytecode
20 | --------
21 |
22 | CPython doesn't verify that bytecode is safe. If an attacker is able to
23 | execute arbitrary bytecode, we consider that the security of the bytecode is
24 | the least important issue: using bytecode, sensitive code can be imported and
25 | executed.
26 |
27 | For example, the ``marshal`` module doesn't validate its inputs.
28 |
29 | Sandbox
30 | -------
31 |
32 | Don't try to build a sandbox inside CPython. The attack surface is too large.
33 | Python has many introspection features, see for example the ``inspect`` module.
34 | Python also has many convenient features which execute code on demand. Examples:
35 |
36 | * the literal string ``'\N{Snowman}'`` imports the ``unicodedata`` module
37 | * the code to log a warning might be abused to execute code
38 |
39 | The good design is to put CPython into a sandbox, not the opposite.
40 |
41 | Ok, understood, but I want a sandbox in Python. Well...
42 |
43 | * `Eval really is dangerous
44 | `_
45 | (Ned Batchelder, June 2012)
46 | * `PyPy sandboxing `_
47 | * For Linux, search for SECCOMP
48 |
49 |
50 | Dangerous functions and modules
51 | ===============================
52 |
53 | * Python 2 input()
54 | * Python 2 execfile()
55 | * eval()
56 | * subprocess.Popen(shell=True)
57 | * str.format(), Python 3 str.format_map, and Python 2 unicode.format() all
58 | allow arbitrary attribute access on formatted values, and hence access
59 | to Python's introspection features:
60 | `Be Careful with Python's New-Style String Format
61 | `_
62 | (Armin Ronacher, December 2016)
63 | * The ``pickle`` module executes arbitrary Python code: never use it with
64 | untrusted data.
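
A worked example of the ``str.format`` attribute-access problem, added here and not taken from the cited article: an attacker-supplied template walks from an ordinary object to its class, to a method's ``__globals__``, and out to a module-level secret. The hardened form is a ``string.Formatter`` subclass that refuses any field name containing attribute or index traversal and is handed plain values rather than objects. ``SECRET_KEY`` and the ``User`` class are constructed for the example.

```python
import string

SECRET_KEY = "constructed-secret-do-not-leak"   # a module global, as in a settings module


class User:
    def __init__(self, name):
        self.name = name


def render_unsafe(template, user):
    """Formats an attacker-controlled template against a live object."""
    return template.format(user=user)


class SafeFormatter(string.Formatter):
    """Allow only bare field names: no attribute (.) or index ([) traversal."""

    def get_field(self, field_name, args, kwargs):
        if "." in field_name or "[" in field_name:
            raise ValueError(f"disallowed field access: {field_name!r}")
        return super().get_field(field_name, args, kwargs)


def render_safe(template, user):
    # Pass plain strings, not objects: even a permitted bare name then resolves
    # to data with nothing interesting hanging off it.
    return SafeFormatter().format(template, user=user.name)


# Field name walks: instance -> class -> __init__ function -> its globals dict.
EVIL = "{user.__class__.__init__.__globals__[SECRET_KEY]}"


def rejects(fn, *args):
    """True if fn(*args) raises ValueError (used by the assertions below)."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False
```

The same traversal works through ``str.format_map`` and Python 2's ``unicode.format``; f-strings are not affected because their field expressions are fixed in the source, not read from data.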
65 |
66 | Archives and absolute paths
67 | ---------------------------
68 |
69 | * tarfile: Never extract archives from untrusted sources without prior
70 | inspection. Files may be created outside of the target path, e.g. by
71 | members whose names are absolute (start with "/") or contain ".." components,
72 | or by symlink/hardlink members pointing outside it. Python 3.12 added
73 | extraction filters (``extractall(filter="data")``, PEP 706, also backported to
74 | the 3.8 to 3.11 maintenance branches) which reject such members.
75 | * zipfile: Same concern, but ``zipfile`` strips leading "/" and ".."
76 | components from member names when extracting, so it attempts to prevent that.
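
An added example, written for this page rather than taken from the standard library, of the inspection step for ``tarfile`` on interpreters without extraction filters: every member is resolved against the destination with ``os.path.realpath`` and rejected when it escapes, is a device node, or is a link whose target escapes. The hostile archive is constructed in memory; ``/srv/extract`` is an assumed destination that need not exist.

```python
import io
import os
import tarfile


def check_members(tar, dest):
    """Split an open TarFile's members into (safe_names, rejected) for
    extraction under ``dest``; rejected is a list of (name, reason)."""
    dest_real = os.path.realpath(dest)

    def inside(path):
        real = os.path.realpath(os.path.join(dest_real, path))
        return real == dest_real or real.startswith(dest_real + os.sep)

    safe, rejected = [], []
    for m in tar.getmembers():
        reason = None
        if os.path.isabs(m.name) or not inside(m.name):
            reason = "path escapes destination"
        elif m.isdev():
            reason = "device node"
        elif m.issym() or m.islnk():
            # A symlink target is relative to the member's own directory; a
            # hardlink target is relative to the archive root.
            link = m.linkname if m.islnk() else os.path.join(os.path.dirname(m.name), m.linkname)
            if os.path.isabs(m.linkname) or not inside(link):
                reason = "link target escapes destination"
        if reason:
            rejected.append((m.name, reason))
        else:
            safe.append(m.name)
    return safe, rejected


def audit_archive(fileobj, dest):
    """Open an uncompressed tar from a file-like object and run check_members."""
    with tarfile.open(fileobj=fileobj, mode="r:") as tar:
        return check_members(tar, dest)


def build_hostile_tar():
    """Constructed archive: one benign member and three that escape."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:") as tar:
        for name, data in [("pkg/README", b"ok"),
                           ("../evil.sh", b"rm -rf /"),
                           ("/etc/passwd", b"root::0:0")]:
            info = tarfile.TarInfo(name)   # addfile() keeps the name verbatim
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("pkg/escape")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../outside"
        tar.addfile(link)
    buf.seek(0)
    return buf
```

Note that the check runs on ``getmembers()`` before any ``extract`` call; checking after the fact is too late, and ``realpath`` must be applied to the joined path, not to the member name alone, so that ``..`` sequences and existing symlinks on disk are both accounted for.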
77 |
78 | Archives and Zip Bomb (CVE-2019-9674)
79 | -------------------------------------
80 |
81 | Be careful of "Zip Bombs": a very small archive can use a huge amount of memory
82 | and disk space once decompressed.
83 |
84 | The zlib module allows limiting the maximum decompressed length:
85 | https://docs.python.org/dev/library/zlib.html#zlib.Decompress.decompress
86 |
87 | For example, OpenStack Nova was vulnerable to denial of service if a
88 | compressed virtual machine image was a Zip Bomb: OSSA 2016-012 and CVE-2015-5162.
89 |
90 | Turns out qemu image parser is not hardened against malicious input and can
91 | be abused to allocate an arbitrary amount of memory and/or dump a lot of
92 | information when used with "--output=json".
93 |
94 | Nova has been fixed using the ``prlimit`` command (with one implementation
95 | written in Python: `prlimit.py
96 | `_)
97 | to limit the maximum memory of the process.
98 |
99 | See:
100 |
101 | * `zipfile: Decompression pitfalls
102 | `_.
103 | * `bpo-36260: [security] CVE-2019-9674: Zip Bomb vulnerability
104 | `_
105 | * `CVE-2019-9674 `_
106 | * `Wikipedia: Zip bomb
107 | `_
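
An added example, not from the linked zipfile documentation, of the two defences a decompressing service needs: a cheap check of the declared sizes and ratio in the central directory, and a hard cap enforced while inflating, since the declared sizes are attacker-controlled too. It also shows the ``max_length`` argument of ``zlib.Decompress.decompress`` mentioned above. The archives are constructed in memory; the limits are assumptions to be tuned per service.

```python
import io
import zipfile
import zlib

MAX_TOTAL = 10 * 1024 * 1024   # bytes we are willing to materialise per archive
MAX_RATIO = 100                # decompressed:compressed ratio beyond which we refuse


def inflate_bounded(data, limit):
    """zlib decompression that produces at most ``limit`` bytes; None if the
    stream would exceed it. Leftover input lands in unconsumed_tail."""
    d = zlib.decompressobj()
    out = d.decompress(data, limit)
    if d.unconsumed_tail or not d.eof:
        return None
    return out


def scan_zip(zip_bytes, max_total=MAX_TOTAL, max_ratio=MAX_RATIO):
    """Check the *declared* sizes before inflating anything.
    Returns a list of problems; empty means the archive passed this stage."""
    problems, total = [], 0
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            total += info.file_size
            if total > max_total:
                problems.append(f"declared total {total} exceeds {max_total}")
            if info.compress_size and info.file_size / info.compress_size > max_ratio:
                problems.append(f"{info.filename}: ratio {info.file_size // info.compress_size}:1")
    return problems


def read_member_bounded(zip_bytes, name, limit):
    """Stream one member and give up once ``limit`` bytes have been produced,
    so a lying header cannot make us hold more than that in memory."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf, zf.open(name) as f:
        chunks, produced = [], 0
        while True:
            chunk = f.read(64 * 1024)
            if not chunk:
                break
            produced += len(chunk)
            if produced > limit:
                return None
            chunks.append(chunk)
    return b"".join(chunks)


def build_zip(members):
    """Constructed test archive; ``members`` maps name -> bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed inputs: 8 MiB of zeros deflates to roughly 8 KiB (about 1000:1).
BOMB = build_zip({"zeros.bin": b"\0" * (8 * 1024 * 1024)})
BENIGN = build_zip({"a.txt": b"hello world"})
ZEROS_DEFLATED = zlib.compress(b"\0" * (1024 * 1024))
```

The ratio check alone is not sufficient: a bomb can be split across many small members, or nest archives inside archives, which is why the total and the streaming cap are applied as well.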
108 |
109 |
110 | Shell command injection
111 | =======================
112 |
113 | See https://www.owasp.org/index.php/Command_Injection
114 |
115 | Whenever possible, avoid ``subprocess.Popen(shell=True)`` and ``os.popen()``.
116 | On UNIX, ``shlex.quote()`` can be used to escape command line arguments so
117 | that they can be used safely in a shell command.
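The difference between the three forms, as an added example that is not part of this repository (POSIX only, since it runs through ``/bin/sh``): the interpolated command executes the injected ``echo``, the ``shlex.quote()`` form keeps the whole value as one word, and the argv-list form never involves a shell at all. The attacker-controlled filename is a constructed value.

```python
import shlex
import subprocess

# Constructed attacker-controlled value: a filename carrying a shell metacharacter.
UNTRUSTED_NAME = "report.txt; echo INJECTED"


def naive_command(filename: str) -> str:
    """Vulnerable pattern: untrusted text pasted into a shell command string."""
    return "printf '%s\\n' " + filename


def quoted_command(filename: str) -> str:
    """If a shell is unavoidable, every untrusted value goes through shlex.quote()."""
    return "printf '%s\\n' " + shlex.quote(filename)


def run_shell(command: str) -> str:
    """shell=True: /bin/sh parses the string, so metacharacters are honoured."""
    return subprocess.run(command, shell=True, capture_output=True, text=True).stdout


def run_argv(filename: str) -> str:
    """Preferred form: an argv list and no shell, so the filename is exactly one
    argument however it is spelled."""
    return subprocess.run(["printf", "%s\\n", filename],
                          capture_output=True, text=True).stdout


if __name__ == "__main__":
    print("naive :", repr(run_shell(naive_command(UNTRUSTED_NAME))))
    print("quoted:", repr(run_shell(quoted_command(UNTRUSTED_NAME))))
    print("argv  :", repr(run_argv(UNTRUSTED_NAME)))
```

The naive form prints two lines because the shell ran two commands; the other two print the filename verbatim on a single line. ``shlex.quote()`` is only correct for POSIX shells, which is why the argv form is the default choice and the Windows quoting helpers listed below are a separate topic.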
118 |
119 | For Windows, see:
120 |
121 | * ``subprocess.list2cmdline()`` (private function)
122 | * ``distutils.spawn._nt_quote_args()`` (private function)
123 | * https://bugs.python.org/issue8987
124 | * https://bugs.python.org/issue20744
125 |
126 |
127 | RNG
128 | ===
129 |
130 | * CSPRNG:
131 |
132 | * ``os.urandom()``
133 | * ``random.SystemRandom``
134 | * `secrets module `_
135 | (Python 3.6)
136 |
137 | * ``os.urandom()`` uses:
138 |
139 | * Python 3.6: ``CryptGenRandom()``, ``getentropy()``,
140 | ``getrandom(0)`` (blocking) or ``/dev/urandom``
141 | * Python 3.5: ``CryptGenRandom()``, ``getentropy()``,
142 | ``getrandom(GRND_NONBLOCK)`` (non-blocking) or ``/dev/urandom``
143 | * Python 2.7: ``CryptGenRandom()``, ``getentropy()`` or ``/dev/urandom``
144 | * `PEP 524: Make os.urandom() blocking on Linux
145 | `_: Python 3.6
146 |
147 |
148 | * ``ssl.RAND_bytes()`` fork issue:
149 |
150 | - Python issue: `Re-seed OpenSSL's PRNG after fork
151 | `_
152 | - `OpenSSL Random fork-safety
153 | `_
154 |
155 | The ``random`` module must not be used in security sensitive code, except for
156 | the ``random.SystemRandom`` class.
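Why the ``random`` module is excluded, shown as an added example that is not part of this repository: a ``random.Random`` token is a pure function of its seed, whereas ``secrets`` draws from ``os.urandom()``; the example also pairs the token with the constant-time comparison from the same module. The function names are constructed for the illustration.

```python
import random
import secrets


def predictable_token(seed: int, nbytes: int = 16) -> str:
    """What NOT to do: random.Random is a Mersenne Twister, entirely
    determined by its seed (time, pid, ...). Same seed, same token."""
    rng = random.Random(seed)
    return rng.getrandbits(nbytes * 8).to_bytes(nbytes, "big").hex()


def fresh_token(nbytes: int = 16) -> str:
    """CSPRNG-backed token: secrets reads from os.urandom()."""
    return secrets.token_hex(nbytes)


def token_matches(submitted: str, stored: str) -> bool:
    """Constant-time comparison, so response timing does not reveal how many
    leading characters of a guess were right."""
    return secrets.compare_digest(submitted.encode(), stored.encode())


if __name__ == "__main__":
    print("seeded  :", predictable_token(1234), predictable_token(1234))
    print("secrets :", fresh_token(), fresh_token())
```

``random.SystemRandom()`` offers the same ``choice()``/``randrange()`` API on top of ``os.urandom()`` when an existing call site needs those methods rather than raw tokens.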
157 |
158 |
159 | CPython Security Experts
160 | ========================
161 |
162 | * Alex Gaynor
163 | * Antoine Pitrou
164 | * Christian Heimes
165 | * Donald Stufft
166 |
167 | Windows
168 | =======
169 |
170 | ASLR and DEP
171 | ------------
172 |
173 | ASLR and DEP protections are enabled since Python 3.4 (and Python 2.7.11 if
174 | built using the ``PCbuild/`` directory).
175 |
176 | Unsafe Python 2.7 default installation directory
177 | ------------------------------------------------
178 |
179 | Python 2.7 installer uses ``C:\Python27\`` directory by default. The created
180 | directory has the "Modify" access rights given to the "Authenticated Users"
181 | group. An attacker can modify the standard library or even modify
182 | python.exe. Python 3 installer now installs Python in ``C:\Program Files`` by
183 | default to fix this issue. Override the default installation directory, or
184 | fix the directory permissions.
185 |
186 | DLL injection
187 | -------------
188 |
189 | On Windows 8.1 and older, the installer is vulnerable to DLL injection: a
190 | malicious DLL placed in the same download directory as the downloaded Python
191 | installer gets loaded. See `DLL Hijacking Just Won’t Die
192 | `_.
193 |
194 | DLL injection using PATH
195 | ------------------------
196 |
197 | A malicious DLL placed in a writable directory included in PATH is loaded by
198 | the "pip" step of the Python installer.
199 |
200 | This is not considered an issue in Python (the Python installer) itself.
201 |
202 | Once you have write access to a directory on the system PATH (not the current
203 | user PATH) and the ability to write binaries that are not validated by the
204 | operating system before loading, there are many more interesting things you can
205 | do rather than wait for the Python installer to be run.
206 |
207 |
208 | Module Search Path (sys.path)
209 | =============================
210 |
211 | * `python3 -E `_:
212 | ignore ``PYTHON*`` environment variables like ``PYTHONPATH``
213 | * `python3 -I `_:
214 | isolated mode, also implies ``-E`` and ``-s``
215 | * `bpo-5753: CVE-2008-5983 python: untrusted python modules search path
216 | `_ (2009) added `PySys_SetArgvEx()
217 | `_ (to Python
218 | 2.6.6, 2.7.0, 3.1.3, 3.2.0): allows embedders of the interpreter to set
219 | sys.argv without also modifying sys.path. This helps fix CVE-2008-5983.
220 | * `CVE-2015-5652 `_:
221 | Untrusted search path vulnerability in python.exe in Python through 3.5.0
222 | on Windows allows local users to gain privileges via a Trojan horse
223 | readline.pyd file in the current working directory. NOTE: the vendor says
224 | "It was determined that this is a longtime behavior of Python that cannot
225 | really be altered at this point."
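What ``-E`` and ``-I`` actually change, as an added example that is not part of this repository: a child interpreter is started with ``PYTHONPATH`` pointing at a temporary directory, and its ``sys.path`` is read back to see whether that directory was honoured. The helper names are constructed; the flags are the documented ones listed above.

```python
import json
import os
import subprocess
import sys
import tempfile

PROBE = "import json, sys; print(json.dumps(sys.path))"


def sys_path_of(flags, extra_env):
    """sys.path of a child interpreter started with the given flags and
    environment additions."""
    env = dict(os.environ)
    env.update(extra_env)
    result = subprocess.run([sys.executable, *flags, "-c", PROBE],
                            env=env, capture_output=True, text=True, check=True)
    return json.loads(result.stdout)


def pythonpath_honoured(flags) -> bool:
    """True if a directory named in PYTHONPATH ends up on the child's sys.path."""
    with tempfile.TemporaryDirectory() as tmp:
        real = os.path.realpath(tmp)
        entries = sys_path_of(flags, {"PYTHONPATH": tmp})
        return any(os.path.realpath(p) == real for p in entries)


def isolation_report() -> dict:
    """PYTHONPATH handling for the default, -E and -I invocations."""
    return {
        "(default)": pythonpath_honoured([]),
        "-E": pythonpath_honoured(["-E"]),
        "-I": pythonpath_honoured(["-I"]),
    }


if __name__ == "__main__":
    for flag, honoured in isolation_report().items():
        print(f"{flag:10} PYTHONPATH honoured: {honoured}")
```

For a setuid helper, a cron job or any interpreter launched with a caller-controlled environment, ``-I`` is the setting to bake into the shebang or the service definition; ``-E`` alone still leaves the script directory and user site-packages on the path.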
226 |
227 | Static analysers of CPython code base
228 | =====================================
229 |
230 | * Coverity:
231 |
232 | - `Coverity Scan: Python `_
233 | - `devguide info about Coverity `_
234 | - `analysis of 2012 by Coverity Software resulted in CPython receiving their
235 | highest quality rating
236 | `_.
237 |
238 | * `LGTM `_
239 | * `Svace static analyzer
240 | `_
241 |
242 |
243 | Fuzzing
244 | =======
245 |
246 | * `Introduction to Fuzzing in Python with AFL
247 | `_
248 | (2015-04-13) by Alex Gaynor
249 |
250 |
251 | Misc
252 | ====
253 |
254 | * Python 3.7 adds an ``is_safe`` attribute to uuid.UUID objects:
255 | http://bugs.python.org/issue22807
256 | * XML: `defusedxml `_, XML bomb
257 | protection for Python stdlib modules
258 | * `Python at HackerOne `_
259 | * `humans.txt of python.org `_
260 | with the list of "people who found security bugs in the website".
261 | For the rationale, see `humanstxt.org `_.
262 |
263 | Python Security Response Team (PSRT)
264 | ====================================
265 |
266 | * Handle security@python.org incoming emails
267 | * `PSRT issues (private) `_
268 | * `LWN: The Python security response team
269 | `_ (June, 2016)
270 |
271 | Links
272 | =====
273 |
274 | * `Reporting security issues in Python
275 | `_
276 | * `Python Security Announce `_
277 | public mailing list
278 | * `OWASP Python Security Project (pythonsecurity.org)
279 | `_
280 | * `bandit: Python AST-based static analyzer from OpenStack Security Group
281 | `_
282 | * `Python CVEs (cvedetails.com)
283 | `_
284 | * https://gemnasium.com/
285 | * `owasp-pysec: OWASP Python Security Project
286 | `_
287 | * `LWN: Python ssl module update
288 | `_ by Christian Heimes at the Python
289 | Language Summit 2017 (during Pycon US, Portland, OR)
290 |
--------------------------------------------------------------------------------
/setup.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python3
2 | """
3 | Fake setup.py only used by .readthedocs.yaml to run the render_doc.py script to
4 | build the documentation.
5 | """
6 | import os
7 | import sys
8 |
9 | script = 'render_doc.py'
10 | # Replace this process with the real documentation build script.
11 | print("Run %s" % script)
12 | sys.stdout.flush()
13 | args = [sys.executable, script]
14 | os.execv(args[0], args)
15 |
--------------------------------------------------------------------------------
/ssl.rst:
--------------------------------------------------------------------------------
1 | +++++++++++++++++++++++++++
2 | Python SSL and TLS security
3 | +++++++++++++++++++++++++++
4 |
5 | Evolutions of the ``ssl`` module.
6 |
7 | Cipher suite
8 | ============
9 |
10 | Python 2.7 and 3.5-3.7::
11 |
12 | _DEFAULT_CIPHERS = (
13 | 'ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:DH+AES256:'
14 | 'ECDH+AES128:DH+AES:ECDH+HIGH:DH+HIGH:RSA+AESGCM:RSA+AES:RSA+HIGH:'
15 | '!aNULL:!eNULL:!MD5:!3DES'
16 | )
17 |
18 | Python 3.4::
19 |
20 | _DEFAULT_CIPHERS = (
21 | 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+HIGH:'
22 | 'DH+HIGH:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+HIGH:RSA+3DES:!aNULL:'
23 | '!eNULL:!MD5'
24 | )
25 |
26 | Python 3.3::
27 |
28 | _DEFAULT_CIPHERS = 'DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2'
29 |
30 | Options
31 | =======
32 |
33 | * ``SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS``: CBC IV attack countermeasure
34 | (CVE-2011-3389)
35 | * ``SSL_OP_NO_SSLv2``: SSLv2 is unsafe
36 | * ``SSL_OP_NO_SSLv3``: SSLv3 is unsafe
37 | * ``SSL_OP_NO_COMPRESSION``: `CRIME
38 | `_ countermeasure
39 | * ``SSL_OP_CIPHER_SERVER_PREFERENCE``
40 | * ``SSL_OP_SINGLE_DH_USE``
41 | * ``SSL_OP_SINGLE_ECDH_USE``
42 |
43 | Python 3.7::
44 |
45 | /* Defaults */
46 | options = SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
47 | if (proto_version != PY_SSL_VERSION_SSL2)
48 | options |= SSL_OP_NO_SSLv2;
49 | if (proto_version != PY_SSL_VERSION_SSL3)
50 | options |= SSL_OP_NO_SSLv3;
51 | /* Minimal security flags for server and client side context.
52 | * Client sockets ignore server-side parameters. */
53 | #ifdef SSL_OP_NO_COMPRESSION
54 | options |= SSL_OP_NO_COMPRESSION;
55 | #endif
56 | #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
57 | options |= SSL_OP_CIPHER_SERVER_PREFERENCE;
58 | #endif
59 | #ifdef SSL_OP_SINGLE_DH_USE
60 | options |= SSL_OP_SINGLE_DH_USE;
61 | #endif
62 | #ifdef SSL_OP_SINGLE_ECDH_USE
63 | options |= SSL_OP_SINGLE_ECDH_USE;
64 | #endif
65 | SSL_CTX_set_options(self->ctx, options);
66 |
67 | CA store
68 | ========
69 |
70 | ``SSLContext.load_default_certs()`` new in Python 3.4.
71 |
72 | * Windows: ``ssl.enum_certificates(store_name)``, new in Python 3.4.
73 | Use `CertOpenStore()
74 | `_
75 | and ``CertEnumCertificatesInStore()`` functions.
76 | * Linux: xxx
77 | * macOS: xxx
78 |
79 | See also
80 |
81 | * `certifi `_: "Python package for
82 | providing Mozilla's CA Bundle".
83 | * `[Python-Dev] SSL certificates recommendations for downstream python packagers
84 | `_
85 |
86 | SSLContext
87 | ==========
88 |
89 | New in Python 3.2.
90 |
91 | CRLs
92 | ====
93 |
94 | * ``SSLContext.verify_flags``: New in Python 3.4
95 | * ``SSLContext.load_verify_locations()``: This method can also load
96 | certification revocation lists (CRLs) in PEM or DER format. New in Python 3.5.
97 | * ``ssl.enum_crls(store_name)``: new in Python 3.4, specific to Windows
98 |
99 | Validate TLS certificates
100 | =========================
101 |
102 | * `Python decides for certificate validation
103 | `_ (September, 2014)
104 | * CVE-2014-9365
105 | * Python 2.7.9 (2014-12-10)
106 | * Python 3.4.3 (2015-02-23)
107 | * `PEP 476: Enabling certificate verification by default for stdlib http
108 | clients `_: Python 3.4.3, 3.5
109 | * `PEP 466 `_: Python 2.7.9
110 | * Version matrix?
111 |
112 | - HTTP
113 | - SMTP
114 | - FTP
115 | - IMAP
116 | - POP3
117 | - XML-RPC
118 | - NNTP
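The options listed under "Options" and the PEP 476 verification described in this section, stated explicitly on an ``ssl.SSLContext`` and then audited; an added example that is not part of this repository. The cipher string is the Python 3.5-3.7 ``_DEFAULT_CIPHERS`` value quoted earlier on this page; the function names and the list of weak-cipher markers are constructed for the illustration.

```python
import ssl

# Python 3.5-3.7 _DEFAULT_CIPHERS, reproduced from the "Cipher suite" section.
CIPHERS_3_7 = (
    "ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:DH+AES256:"
    "ECDH+AES128:DH+AES:ECDH+HIGH:DH+HIGH:RSA+AESGCM:RSA+AES:RSA+HIGH:"
    "!aNULL:!eNULL:!MD5:!3DES"
)
# Substrings that should never appear in a negotiable cipher name (constructed list).
WEAK_MARKERS = ("MD5", "3DES", "DES-CBC3", "RC4", "NULL", "EXPORT")


def make_client_context() -> ssl.SSLContext:
    """Client context with every protection made explicit rather than inherited."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # SSLv2/SSLv3/TLS 1.0/1.1 rejected
    ctx.options |= ssl.OP_NO_COMPRESSION           # CRIME countermeasure
    ctx.verify_mode = ssl.CERT_REQUIRED            # PEP 476: chain must validate
    ctx.check_hostname = True                      # and match the requested host
    ctx.set_ciphers(CIPHERS_3_7)
    return ctx


def weak_cipher_names(ctx: ssl.SSLContext) -> list:
    """Cipher names the context would still negotiate that match a weak marker."""
    return [c["name"] for c in ctx.get_ciphers()
            if any(marker in c["name"] for marker in WEAK_MARKERS)]


def context_report(ctx: ssl.SSLContext) -> dict:
    """Audit view of a context: each entry should be True."""
    return {
        "verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
        "no_compression": bool(ctx.options & ssl.OP_NO_COMPRESSION),
        "min_tls12": ctx.minimum_version == ssl.TLSVersion.TLSv1_2,
        "no_weak_ciphers": not weak_cipher_names(ctx),
    }


if __name__ == "__main__":
    for key, ok in context_report(make_client_context()).items():
        print(f"{key:16} {ok}")
```

``minimum_version`` is the current replacement for the per-protocol ``SSL_OP_NO_SSLv2``/``SSL_OP_NO_SSLv3`` flags from the options list (the corresponding ``ssl.OP_NO_*`` constants are deprecated since Python 3.10). ``get_ciphers()`` reports what OpenSSL will actually offer, so it is the place to check the effect of a cipher string rather than trusting the string itself.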
119 |
120 | TLS versions
121 | ============
122 |
123 | * SSLv2 is now blacklisted
124 | * SSLv3 is now blacklisted
125 |
126 | OpenSSL versions
127 | ================
128 |
129 | Python bundles OpenSSL in its Windows and macOS installers.
130 |
131 | OpenSSL versions (read from the Windows installer):
132 |
133 | * Python 3.6.1: OpenSSL 1.0.2k
134 | * Python 2.7.13, 3.5.3 and 3.6.0: OpenSSL 1.0.2j
135 | * Python 2.7.12, 3.5.2: OpenSSL 1.0.2h
136 | * Python 2.7.11, 3.4.4, 3.5.0, 3.5.1: OpenSSL 1.0.2d
137 | * Python 2.7.10: OpenSSL 1.0.2a
138 | * Python 2.7.9: OpenSSL 1.0.1j
139 | * Python 3.3.5: OpenSSL 1.0.1e
140 |
141 | Windows: see `PCbuild/get_externals.bat
142 | `_
143 | (or PCbuild/readme.txt in older versions).
144 |
145 | macOS: see `Mac/BuildScript/build-installer.py `_.
146 |
147 | macOS::
148 |
149 | # Since Apple removed the header files for the deprecated system
150 | # OpenSSL as of the Xcode 7 release (for OS X 10.10+), we do not
151 | # have much choice but to build our own copy here, too.
152 |
153 | Example of OpenSSL update: `Upgrade installers to OpenSSL 1.0.2k
154 | `_ (March 2017).
155 |
156 |
157 | Links
158 | =====
159 |
160 | * `The future of the Python ssl module
161 | `_ (June 2016)
162 | * `cryptography (cryptography.io) `_: Python library
163 | which exposes cryptographic recipes and primitives
164 | * `pyOpenSSL `_
165 | * `M2Crypto `_
166 | * `urllib3 `_
167 | * `LibreSSL `_
168 | * `boringssl `_
169 | * `multissl `_ (by
170 | Christian Heimes): Run Python tests against multiple installations of OpenSSL
171 | and LibreSSL
172 |
--------------------------------------------------------------------------------
/venv.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | set -e -x
3 | python3 -m venv venv
4 | venv/bin/python -m pip install -r requirements.txt
5 |
--------------------------------------------------------------------------------