| Description: | Summary:
The remote host is missing an update for the 'python3.8, python3.10, python3.12' package(s) announced via the USN-7015-1 advisory.
Vulnerability Insight:
It was discovered that the Python email module incorrectly parsed email
addresses that contain special characters. A remote attacker could possibly
use this issue to bypass certain protection mechanisms. (CVE-2023-27043)
It was discovered that Python allowed excessive backtracking while parsing
certain tarfile headers. A remote attacker could possibly use this issue to
cause Python to consume resources, leading to a denial of service.
(CVE-2024-6232)
It was discovered that the Python email module incorrectly quoted newlines
for email headers. A remote attacker could possibly use this issue to
perform header injection. (CVE-2024-6923)
It was discovered that the Python http.cookies module incorrectly handled
parsing cookies that contained backslashes for quoted characters. A remote
attacker could possibly use this issue to cause Python to consume
resources, leading to a denial of service. (CVE-2024-7592)
It was discovered that the Python zipfile module incorrectly handled
certain malformed zip files. A remote attacker could possibly use this
issue to cause Python to stop responding, resulting in a denial of service.
(CVE-2024-8088)
Affected Software/OS:
'python3.8, python3.10, python3.12' package(s) on Ubuntu 20.04, Ubuntu 22.04, Ubuntu 24.04.
Solution:
Please install the updated package(s).
CVSS Score:
7.8
CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
