Search CVE reports
21 – 26 of 26 results
CVE-2022-48560
Medium prioritySome fixes available 8 of 11
A use-after-free exists in Python through 3.9 via heappushpop in heapq.
11 affected packages
python, python2.7, python3.10, python3.11, python3.12...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python | Not in release | Not in release | Not in release | Ignored | Ignored |
python2.7 | Not in release | Needs evaluation | Needs evaluation | Fixed | Fixed |
python3.10 | Not in release | Not affected | Not in release | Not in release | Not in release |
python3.11 | Not in release | Not affected | Not in release | Not in release | Not in release |
python3.12 | Not affected | Not in release | Not in release | Not in release | Not in release |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
python3.6 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.7 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.8 | Not in release | Not in release | Not affected | Fixed | Not in release |
python3.9 | Not in release | Not in release | Not affected | Not in release | Not in release |
CVE-2023-38898
Medium priority** DISPUTED ** An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release...
11 affected packages
python, python2.7, python3.10, python3.11, python3.12...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python | Not in release | Not in release | Not in release | Ignored | Ignored |
python2.7 | Not in release | Not affected | Not affected | Not affected | Not affected |
python3.10 | Not in release | Not affected | Not in release | Not in release | Not in release |
python3.11 | Not in release | Not affected | Not in release | Not in release | Not in release |
python3.12 | Not affected | Not in release | Not in release | Not in release | Not in release |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Not affected |
python3.6 | Not in release | Not in release | Not in release | Not affected | Not in release |
python3.7 | Not in release | Not in release | Not in release | Not affected | Not in release |
python3.8 | Not in release | Not in release | Not affected | Not affected | Not in release |
python3.9 | Not in release | Not in release | Not affected | Not in release | Not in release |
CVE-2023-36632
Medium priority** DISPUTED ** The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument...
11 affected packages
python, python2.7, python3.10, python3.11, python3.12...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python | — | Not in release | Not in release | Ignored | Ignored |
python2.7 | — | Not affected | Not affected | Not affected | Not affected |
python3.10 | — | Not affected | Not in release | Not in release | Not in release |
python3.11 | — | Not affected | Not in release | Not in release | Not in release |
python3.12 | — | Not in release | Not in release | Not in release | Not in release |
python3.4 | — | Not in release | Not in release | Not in release | Not in release |
python3.5 | — | Not in release | Not in release | Not in release | Not affected |
python3.6 | — | Not in release | Not in release | Not affected | Not in release |
python3.7 | — | Not in release | Not in release | Not affected | Not in release |
python3.8 | — | Not in release | Not affected | Not affected | Not in release |
python3.9 | — | Not in release | Not affected | Not in release | Not in release |
CVE-2023-33595
Medium priorityCPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c.
11 affected packages
python, python2.7, python3.10, python3.11, python3.12...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python | — | Not in release | Not in release | Ignored | Ignored |
python2.7 | — | Not affected | Not affected | Not affected | Not affected |
python3.10 | — | Not affected | Not in release | Not in release | Not in release |
python3.11 | — | Not affected | Not in release | Not in release | Not in release |
python3.12 | — | Not in release | Not in release | Not in release | Not in release |
python3.4 | — | Not in release | Not in release | Not in release | Not in release |
python3.5 | — | Not in release | Not in release | Not in release | Not affected |
python3.6 | — | Not in release | Not in release | Not affected | Not in release |
python3.7 | — | Not in release | Not in release | Not affected | Not in release |
python3.8 | — | Not in release | Not affected | Not affected | Not in release |
python3.9 | — | Not in release | Not affected | Not in release | Not in release |
CVE-2023-27043
Medium prioritySome fixes available 10 of 21
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker...
11 affected packages
python2.7, python3.10, python3.11, python3.12, python3.13...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Fixed | Fixed | Fixed | Fixed |
python3.10 | Not in release | Fixed | Not in release | Not in release | Not in release |
python3.11 | Not in release | Vulnerable | Not in release | Not in release | Not in release |
python3.12 | Fixed | Not in release | Not in release | Not in release | Not in release |
python3.13 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
python3.6 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
python3.7 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
python3.8 | Not in release | Not in release | Fixed | Vulnerable | Not in release |
python3.9 | Not in release | Not in release | Vulnerable | Not in release | Not in release |
CVE-2007-4559
Medium prioritySome fixes available 2 of 30
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR...
16 affected packages
python2.3, python2.4, python2.5, python2.6, python2.7...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.3 | — | — | — | — | — |
python2.4 | — | — | — | — | — |
python2.5 | — | — | — | — | — |
python2.6 | — | — | — | — | — |
python2.7 | — | Ignored | Ignored | Ignored | Ignored |
python3.0 | — | — | — | — | — |
python3.1 | — | — | — | — | — |
python3.10 | — | Fixed | Not in release | Not in release | Not in release |
python3.11 | — | Ignored | Not in release | Not in release | Not in release |
python3.12 | — | Not in release | Not in release | Not in release | Not in release |
python3.4 | — | Not in release | Not in release | Not in release | Not in release |
python3.5 | — | Not in release | Not in release | Not in release | Ignored |
python3.6 | — | Not in release | Not in release | Ignored | Not in release |
python3.7 | — | Not in release | Not in release | Ignored | Not in release |
python3.8 | — | Not in release | Ignored | Ignored | Not in release |
python3.9 | — | Not in release | Ignored | Not in release | Not in release |