Python is a high-level, general-purpose programming language. Its design philosophy emphasizes code readability.
Release cycle, vulnerability information
Release schedule
Count: 879

Vulnerability | CVSS | EPSS | Published
---|---|---|---
SUSE-SU-2023:3804-1 Security update for python3 | | 0% Low | almost 2 years ago
SUSE-SU-2023:3731-1 Security update for python36 | | 0% Low | almost 2 years ago
SUSE-SU-2023:3730-1 Security update for python | | 0% Low | almost 2 years ago
SUSE-SU-2023:3708-1 Security update for python39 | | 0% Low | almost 2 years ago
RLSA-2023:3585 Important: python3.11 security update | | 1% Low | almost 2 years ago
RLSA-2023:3595 Important: python3.9 security update | | 1% Low | almost 2 years ago
RLSA-2023:3594 Important: python3.11 security update | | 1% Low | almost 2 years ago
GHSA-4j9r-82g6-9mj3 An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) | CVSS3: 5.3 | 0% Low | almost 2 years ago
CVE-2023-40217 An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) | CVSS3: 5.3 | 0% Low | almost 2 years ago
CVE-2023-40217 An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, ... | CVSS3: 5.3 | 0% Low | almost 2 years ago