Python is vulnerable to denial-of-service (DoS) via uncontrolled recursion when parsing manipulated email addresses with the function `parseaddr`. A remote attacker could send a crafted email address to a network-facing application that uses `parseaddr` to parse email addresses. In the worst case, this could crash the application.
**Note:** `email.utils.parseaddr` is categorized as a legacy API in the documentation for the Python email package.
**Note:** The vendor's perspective is that this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception when limits are exceeded; they were exceeded by the example demonstration code.
Heap use-after-free vulnerabilities have been discovered in CPython. If a remote attacker can deceive a victim into running a crafted input Python file, they could crash the Python interpreter, and there is a possibility the use-after-free could be leveraged for arbitrary code execution.
GNU Sharutils and Python are vulnerable to path traversal, which may lead to an arbitrary file write on the file system. An attacker could exploit this flaw by tricking a victim with root privileges into decoding a malicious file in order to write files outside the intended directory.
**Note:**
* The `uu` module in Python is now deprecated and there are currently plans to remove it in version **3.13**. It is only exploitable if no filename is given.
* The Sharutils developers confirmed the report but have advised that this is intended behaviour according to the POSIX standard.