Описание
There is an issue in CPython when using bytes.decode("unicode_escape", error="ignore|replace"). If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.
A vulnerability has been identified in CPython's bytes.decode() function when used with the "unicode_escape" encoding and the "ignore" or "replace" error handling modes. This flaw can result in the incorrect decoding of byte strings. While this may not directly lead to traditional security breaches like data exfiltration, the resulting unexpected program behavior could introduce instability, logic errors, or unintended side effects within applications that rely on this specific decoding functionality.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | python3.12 | Fix deferred | ||
| Red Hat Enterprise Linux 6 | python | Out of support scope | ||
| Red Hat Enterprise Linux 7 | python | Fix deferred | ||
| Red Hat Enterprise Linux 7 | python3 | Fix deferred | ||
| Red Hat Enterprise Linux 8 | python3 | Fix deferred | ||
| Red Hat Enterprise Linux 8 | python3.11 | Fix deferred | ||
| Red Hat Enterprise Linux 8 | python3.12 | Fix deferred | ||
| Red Hat Enterprise Linux 8 | python36:3.6/python36 | Fix deferred | ||
| Red Hat Enterprise Linux 9 | python3.11 | Fix deferred | ||
| Red Hat Enterprise Linux 9 | python3.12 | Fix deferred |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
5.1 Medium
CVSS3
Связанные уязвимости
There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.
There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.
There is an issue in CPython when using `bytes.decode("unicode_escape" ...
There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.
EPSS
5.1 Medium
CVSS3