Python — высокоуровневый язык программирования общего назначения. Его философия дизайна делает акцент на читаемости кода.
Релизный цикл, информация об уязвимостях
График релизов
Количество 879
CVE-2023-36632
The legacy email.utils.parseaddr function in Python through 3.11.4 all ...
CVE-2023-36632
** DISPUTED ** The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor's perspective is that this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception when limits are exceeded; they were exceeded by the example demonstration code.
CVE-2023-36632
The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor's perspective is that this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception when limits are exceeded; they were exceeded by the example demonstration code.
BDU:2023-04977
Уязвимость функции email.utils.parseaddr интерпретатора языка программирования Python, позволяющая нарушителю вызвать отказ в обслуживании
RLSA-2023:3591
Important: python3 security update
SUSE-SU-2023:2517-1
Security update for python3
SUSE-SU-2023:2473-1
Security update for python36
SUSE-SU-2023:2463-1
Security update for python310
GHSA-pqc2-g93j-9599
CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c.
CVE-2023-33595
CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2023-36632 The legacy email.utils.parseaddr function in Python through 3.11.4 all ... | CVSS3: 7.5 | 0% Низкий | около 2 лет назад |
 | CVE-2023-36632 ** DISPUTED ** The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor's perspective is that this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception when limits are exceeded; they were exceeded by the example demonstration code. | CVSS3: 7.5 | 0% Низкий | около 2 лет назад |
 | CVE-2023-36632 The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor's perspective is that this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception when limits are exceeded; they were exceeded by the example demonstration code. | 0% Низкий | около 2 лет назад | |
 | BDU:2023-04977 Уязвимость функции email.utils.parseaddr интерпретатора языка программирования Python, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 7.5 | 0% Низкий | около 2 лет назад |
 | RLSA-2023:3591 Important: python3 security update | 1% Низкий | около 2 лет назад | |
 | SUSE-SU-2023:2517-1 Security update for python3 | 93% Критический | около 2 лет назад | |
| SUSE-SU-2023:2473-1 Security update for python36 | 93% Критический | около 2 лет назад | |
| SUSE-SU-2023:2463-1 Security update for python310 | 93% Критический | около 2 лет назад | |
| GHSA-pqc2-g93j-9599 CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c. | CVSS3: 5.5 | 0% Низкий | около 2 лет назад |
 | CVE-2023-33595 CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c. | CVSS3: 5.5 | 0% Низкий | около 2 лет назад |
Уязвимостей на страницу