Python Security
This page is an attempt to document security vulnerabilities in Python and the versions including the fix.
Pages
- Python Security Vulnerabilities
- Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple
- urlparse does not correctly handle schemes
- Buffer overflow in the _sha3 module in Python 3.10 and older
- Slow IDNA decoding with large strings
- Linux specific local privilege escalation via the multiprocessing forkserver start method
- Prevent DoS by large str-int conversions
- Windows: vulnerable zlib 1.2.11
- Windows: vulnerable bzip2 1.0.6
- CVE-2013-0340 Billion Laughs fixed in Expat 2.4.0
- CVE-2021-3737: urllib HTTP client possible infinite loop on a 100 Continue response
- urllib.parse should sanitize urls containing ASCII newline and tabs.
- ipaddress leading zeros in IPv4 address
- ftplib should not use the host from the PASV response
- http.server: Open Redirection if the URL path starts with //
- CVE-2021-3733: ReDoS in urllib.request
- Information disclosure via pydoc getfile
- urllib parse_qsl(): Web cache poisoning - semicolon as a query args separator
- ctypes: Buffer overflow in PyCArg_repr
- CJK codecs tests call eval() on content retrieved via HTTP
- [CVE-2020-14422] Hash collisions in IPv4Interface and IPv6Interface
- http.client: HTTP Header Injection in the HTTP method
- CVE-2020-8315: Unsafe DLL loading in getpathp.c on Windows 7
- Email header injection in Address objects
- Infinite loop in tarfile module while opening a crafted file
- Remove newline characters from uu encoding methods
- urllib basic auth regex denial of service
- Regular Expression Denial of Service in http.cookiejar
- CVE-2019-18348: CRLF injection via the host part of the url passed to urlopen()
- Reflected XSS in DocXMLRPCServer
- ssl.match_hostname() ignores extra string after whitespace in IPv4 address
- urlsplit does not handle NFKC normalization (second fix)
- urlsplit does not handle NFKC normalization
- urllib module local_file:// scheme
- TALOS-2018-0758 SSL CRL distribution points Denial of Service
- http.cookiejar: Incorrect validation of path
- xml package does not obey ignore_environment
- pickle.load denial of service
- _elementtree C accelerator doesn't call XML_SetHashSalt()
- email.utils.parseaddr mistakenly parses an email
- Email folding function Denial-of-Service
- Buffer overflow vulnerability in os.symlink on Windows
- difflib and poplib catastrophic backtracking
- Python 2.7 readahead is not thread safe
- Expat 2.2.3
- Environment variables injection in subprocess on Windows
- Expat 2.2.1
- PyString_DecodeEscape integer overflow
- bpo-30500: urllib connects to a wrong host
- HTTP Header Injection (follow-up of CVE-2016-5699)
- Py_SetPath(): _Py_CheckPython3 uses uninitialized DLL path
- urllib FTP protocol stream injection
- Expat 2.2 (Expat bug #537)
- Zlib 1.2.11
- gettext.c2py()
- Sweet32 attack (DES, 3DES)
- HTTPoxy attack
- smtplib TLS stripping
- Issue #26657: HTTP server directory traversal
- Issue #26556: Expat 2.1.1
- zipimporter overflow
- mailcap shell command injection
- HTTP header injection
- Validate TLS certificate
- buffer() integer overflows
- JSONDecoder.raw_decode
- os.makedirs() not thread-safe
- socket.recvfrom_into() overflow
- zipfile DoS using invalid file size
- CGI directory traversal (URL parsing)
- ssl: NULL in subjectAltNames
- ssl.match_hostname() IDNA issue
- ssl.match_hostname() wildcard DoS
- Limit imaplib.IMAP4_SSL.readline()
- ftplib unlimited read
- nntplib unlimited read
- poplib unlimited read
- smtplib unlimited read
- xmlrpc gzip unlimited read
- Hash function not randomized properly
- Vulnerability in the utf-16 decoder after error handling
- XML-RPC DoS
- ssl CBC IV attack
- Hash DoS
- pypirc created insecurely
- urllib redirect
- SimpleHTTPServer UTF-7
- audioop integer overflows
- audioop input validation
- httplib unlimited read
- smtpd accept bug and race condition
- Multiple integer overflows (Apple)
- Multiple integer overflows (Google)
- expandtab() integer overflow
- CGI directory traversal (is_cgi() function)
- rgbimg and imageop overflows
- Packages and PyPI
- Python SSL and TLS security
- Python Security
Status of Python branches lists Python branches which get security fixes.