rpm package
suse/python3-base&distro=SUSE Linux Enterprise Software Development Kit 12 SP3
pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-5010 | — | < 3.4.6-25.21.1 | 3.4.6-25.21.1 | Oct 31, 2019 | An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connection | ||
| CVE-2019-9636 | — | < 3.4.6-25.24.1 | 3.4.6-25.24.1 | Mar 8, 2019 | Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The component | ||
| CVE-2018-20406 | — | < 3.4.6-25.21.1 | 3.4.6-25.21.1 | Dec 23, 2018 | Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundr | ||
| CVE-2018-1061 | Med | 6.5 | < 3.4.6-25.16.1 | 3.4.6-25.16.1 | Jun 19, 2018 | python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. | |
| CVE-2018-1060 | Hig | 7.5 | < 3.4.6-25.16.1 | 3.4.6-25.16.1 | Jun 18, 2018 | python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. | |
| CVE-2017-18207 | Med | 6.5 | < 3.4.6-25.7.1 | 3.4.6-25.7.1 | Mar 1, 2018 | The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue beca |
- CVE-2019-5010Oct 31, 2019affected < 3.4.6-25.21.1fixed 3.4.6-25.21.1
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connection
- CVE-2019-9636Mar 8, 2019affected < 3.4.6-25.24.1fixed 3.4.6-25.24.1
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The component
- CVE-2018-20406Dec 23, 2018affected < 3.4.6-25.21.1fixed 3.4.6-25.21.1
Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundr
- affected < 3.4.6-25.16.1fixed 3.4.6-25.16.1
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
- affected < 3.4.6-25.16.1fixed 3.4.6-25.16.1
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
- affected < 3.4.6-25.7.1fixed 3.4.6-25.7.1
The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue beca