CVE-2022-0391 CVE-2022-45061 CVE-2023-27043 CVE-2024-9287
Multiple vulnerabilities have been fixed in pypy3, an alternative implementation of the Python 3.x language.
CVE-2020-10735
A flaw was found in Python. In algorithms with quadratic time
complexity using non-binary bases, when using int("text"), a system
could take 50ms to parse an int string with 100,000 digits and 5s
for 1,000,000 digits (float, decimal, int.from_bytes(), and int()
for binary bases 2, 4, 8, 16, and 32 are not affected). The highest
threat from this vulnerability is to system availability.
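A pre-conversion length guard for the int() case described above, as an added example (not code from the advisory or from pypy3). The names `safe_int` and `IntTooLong` and the 4300-digit default are assumptions of this example; the exemption for bases 2, 4, 8, 16 and 32 follows the advisory text.

```python
import re

# Assumption: 4300 mirrors the default digit limit CPython adopted for this
# CVE; set it to the largest value your application legitimately needs.
MAX_DIGITS = 4300

# Bases the advisory lists as unaffected (conversion is linear-time).
LINEAR_BASES = {2, 4, 8, 16, 32}

_PREFIX = re.compile(r"0[box]", re.IGNORECASE)


class IntTooLong(ValueError):
    """Input exceeds the digit budget for a quadratic-time base."""


def effective_base(text: str, base: int) -> int:
    """Resolve base 0 ("infer from prefix") to the base int() will use."""
    if base != 0:
        return base
    m = _PREFIX.match(text.strip().lstrip("+-"))
    return {"b": 2, "o": 8, "x": 16}[m.group()[1].lower()] if m else 10


def count_digits(text: str) -> int:
    """Count digit characters, ignoring whitespace, sign and '_' separators."""
    return len(text.strip().lstrip("+-").replace("_", ""))


def safe_int(text: str, base: int = 10, max_digits: int = MAX_DIGITS) -> int:
    """int() wrapper that rejects oversized input before the costly parse."""
    if not isinstance(text, str):
        raise TypeError("safe_int expects str")
    eff = effective_base(text, base)
    if eff not in LINEAR_BASES:
        n = count_digits(text)
        if n > max_digits:
            raise IntTooLong(f"{n} digits exceeds limit {max_digits} (base {eff})")
    return int(text, base)
```

Apply the guard at the trust boundary (request parameters, JSON fields, header values) so the length check runs before any attacker-sized string reaches int().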
CVE-2020-29651
A denial of service via regular expression in the py.path.svnwc
component of py (aka python-py) through 1.9.0 could be used by
attackers to cause a compute-time denial of service attack by
supplying malicious input to the blame functionality.
python-py is a part of the pypy3 distribution.
CVE-2021-3737
A flaw was found in Python. An improperly handled HTTP response in the
HTTP client code of Python may allow a remote attacker, who controls
the HTTP server, to make the client script enter an infinite loop,
consuming CPU time. The highest threat from this vulnerability is
to system availability.
CVE-2021-28861
Python has an open redirection vulnerability in lib/http/server.py
due to no protection against multiple (/) at the beginning of the URI
path, which may lead to information disclosure.
NOTE: this is disputed by a third party because the http.server.html
documentation page states "Warning: http.server is not recommended
for production. It only implements basic security checks."
CVE-2022-0391
A flaw was found in Python within the urllib.parse module. This
module helps break Uniform Resource Locator (URL) strings into
components. The issue involves how the urlparse method does not
sanitize input and allows characters like '\r' and '\n' in the URL
path. This...
7.3.5+dfsg-2+deb11u4