Security vulnerabilities

Total: 61 vulnerabilities.

| Vulnerability | Disclosure | Fixed In | Vulnerable |
|---|---|---|---|
| Zip Bomb vulnerability | 2019-03-11 | | 2.7, 3.5, 3.6, 3.7 |
| urlsplit does not handle NFKC normalization | 2019-03-06 | 3.5.7, 3.7.3 | 2.7, 3.6 |
| urllib module local_file:// scheme | 2019-02-06 | | 2.7, 3.5, 3.6, 3.7 |
| TALOS-2018-0758 SSL CRL distribution points Denial of Service | 2019-01-15 | 2.7.16, 3.4.10, 3.5.7, 3.7.3 | 3.6 |
| xml package does not obey ignore_environment | 2018-09-24 | 2.7.16, 3.4.10, 3.5.7, 3.6.8, 3.7.2 | |
| pickle.load denial of service | 2018-09-13 | 3.4.10, 3.5.7, 3.6.7, 3.7.1 | |
| _elementtree C accelerator doesn’t call XML_SetHashSalt() | 2018-09-10 | 2.7.16, 3.4.10, 3.5.7, 3.6.7, 3.7.1 | |
| Email folding function Denial-of-Service | 2018-05-16 | | 2.7, 3.5, 3.6, 3.7 |
| Buffer overflow vulnerability in os.symlink on Windows | 2018-03-05 | 3.4.9, 3.5.6, 3.6.5, 3.7.0 | |
| difflib and poplib catastrophic backtracking | 2018-03-02 | 2.7.15, 3.4.9, 3.5.6, 3.6.5, 3.7.0 | |
| Python 2.7 readahead is not thread safe | 2017-09-20 | 2.7.15 | |
| Expat 2.2.3 | 2017-07-17 | 2.7.14, 3.3.7, 3.4.8, 3.5.5, 3.6.3, 3.7.0 | |
| Environment variables injection in subprocess on Windows | 2017-06-22 | 2.7.14, 3.3.7, 3.4.7, 3.5.4, 3.6.2, 3.7.0 | |
| Expat 2.2.1 | 2017-06-17 | 2.7.14, 3.3.7, 3.4.7, 3.5.4, 3.6.2, 3.7.0 | |
| PyString_DecodeEscape integer overflow | 2017-06-13 | 2.7.14, 3.4.8, 3.5.5 | |
| bpo-30500: urllib connects to a wrong host | 2017-05-29 | 2.7.14, 3.3.7, 3.4.7, 3.5.4, 3.6.2, 3.7.0 | |
| HTTP Header Injection (follow-up of CVE-2016-5699) | 2017-05-24 | | 2.7, 3.5, 3.6, 3.7 |
| urllib FTP protocol stream injection | 2017-02-20 | 2.7.14, 3.3.7, 3.4.7, 3.5.4, 3.6.3, 3.7.0 | |
| Expat 2.2 (Expat bug #537) | 2017-02-17 | 2.7.14, 3.3.7, 3.4.7, 3.5.4, 3.6.2, 3.7.0 | |
| Zlib 1.2.11 | 2017-01-05 | 2.7.14, 3.4.8, 3.5.4, 3.6.1, 3.7.0 | |
| gettext.c2py() | 2016-10-30 | 2.7.13, 3.3.7, 3.4.6, 3.5.3, 3.6.0 | |
| Sweet32 attack (DES, 3DES) | 2016-08-24 | 2.7.13, 3.4.7, 3.5.3, 3.6.0 | |
| HTTPoxy attack | 2016-07-18 | 2.7.13, 3.3.7, 3.4.6, 3.5.3, 3.6.0 | |
| smtplib TLS stripping | 2016-06-11 | 2.7.12, 3.3.7, 3.4.5, 3.5.2, 3.6.0 | |
| Issue #26657: HTTP server directory traversal | 2016-03-28 | 2.7.12, 3.3.7, 3.4.7, 3.5.2, 3.6.0 | |
| Issue #26556: Expat 2.1.1 | 2016-03-14 | 2.7.12, 3.3.7, 3.4.5, 3.5.2, 3.6.0 | |
| zipimporter overflow | 2016-01-21 | 2.7.12, 3.3.7, 3.4.5, 3.5.2, 3.6.0 | |
| HTTP header injection | 2014-11-24 | 2.7.10, 3.3.7, 3.4.4, 3.5.0 | |
| Validate TLS certificate | 2014-08-28 | 2.7.9, 3.4.3, 3.5.0 | |
| buffer() integer overflows | 2014-06-24 | 2.7.8 | |
| JSONDecoder.raw_decode | 2014-04-13 | 2.7.7, 3.2.6, 3.3.6, 3.4.1, 3.5.0 | |
| os.makedirs() not thread-safe | 2014-03-28 | 3.2.6, 3.3.6, 3.4.1, 3.5.0 | |
| socket.recvfrom_into() overflow | 2014-01-14 | 2.7.7, 3.2.6, 3.3.4, 3.4.0 | |
| zipfile DoS using invalid file size | 2013-12-27 | 3.3.4, 3.4.0 | |
| CGI directory traversal (URL parsing) | 2013-10-29 | 2.7.6, 3.2.6, 3.3.4, 3.4.0 | |
| ssl: NULL in subjectAltNames | 2013-06-27 | 2.6.9, 2.7.6, 3.2.6, 3.3.3, 3.4.0 | |
| ssl.match_hostname() IDNA issue | 2013-05-17 | 3.3.3, 3.4.0 | |
| ssl.match_hostname() wildcard DoS | 2013-05-15 | 3.2.6, 3.3.3, 3.4.0 | |
| Limit imaplib.IMAP4_SSL.readline() | 2012-09-25 | 2.7.16 | |
| ftplib unlimited read | 2012-09-25 | 2.7.6, 3.2.6, 3.3.3, 3.4.0 | |
| nntplib unlimited read | 2012-09-25 | 2.6.9, 2.7.6, 3.2.6, 3.3.7, 3.4.3, 3.5.0 | |
| poplib unlimited read | 2012-09-25 | 2.7.9, 3.2.6, 3.3.7, 3.4.3, 3.5.0 | |
| smtplib unlimited read | 2012-09-25 | 2.7.9, 3.2.6, 3.3.7, 3.4.3, 3.5.0 | |
| xmlrpc gzip unlimited read | 2012-09-25 | 2.7.9, 3.3.7, 3.4.3, 3.5.0 | |
| Hash function not randomized properly | 2012-04-19 | 3.4.0 | 2.7 |
| Vulnerability in the utf-16 decoder after error handling | 2012-04-14 | 2.7.4, 3.2.4, 3.3.0 | |
| XML-RPC DoS | 2012-02-13 | 2.6.8, 2.7.3, 3.1.5, 3.2.3, 3.3.0 | |
| ssl CBC IV attack | 2012-01-27 | 2.6.8, 2.7.3, 3.1.5, 3.2.3, 3.3.0 | |
| Hash DoS | 2011-12-28 | 2.6.8, 2.7.3, 3.1.5, 3.2.3, 3.3.0 | |
| pypirc created insecurely | 2011-11-30 | 2.7.4, 3.2.4, 3.3.1, 3.4.0 | |
| urllib redirect | 2011-03-24 | 2.5.6, 2.6.7, 2.7.2, 3.1.4, 3.2.1, 3.3.0 | |
| SimpleHTTPServer UTF-7 | 2011-03-08 | 2.5.6, 2.6.7, 2.7.2, 3.2.4, 3.3.1, 3.4.0 | |
| audioop integer overflows | 2010-05-10 | 2.6.6, 2.7.0, 3.1.3, 3.2.0 | |
| audioop input validation | 2010-01-11 | 2.6.6, 2.7.2, 3.1.3, 3.2.0 | |
| httplib unlimited read | 2009-08-28 | 2.7.2, 3.1.4, 3.2.0 | |
| smtpd accept bug and race condition | 2009-08-14 | 2.7.1, 3.1.3, 3.2.0 | |
| Multiple integer overflows (Apple) | 2008-07-31 | 2.6.0, 3.0.0 | |
| Multiple integer overflows (Google) | 2008-04-11 | 2.5.3, 2.6.0, 3.0.0 | |
| expandtab() integer overflow | 2008-03-11 | 2.5.3, 2.6.0, 3.0.0 | |
| CGI directory traversal (is_cgi() function) | 2008-03-07 | 2.7.0, 3.2.4, 3.3.1, 3.4.0 | |
| rgbimg and imageop overflows | 2007-09-16 | 2.5.3, 2.6.0 | |
