Red Hat Enterprise Linux
Description
Red Hat Enterprise Linux (RHEL) is a commercial open-source Linux distribution developed by Red Hat for the commercial market.
Website
Product names
enterprise_linux, Red Hat Enterprise Linux 6
Related organization
CVE-2021-42780 (GCVE-0-2021-42780)
Vulnerability from
Published
2022-04-18 00:00
Modified
2025-11-03 21:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:45:29.452Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016139"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/OpenSC/OpenSC/commit/5df913b7"
},
{
"name": "GLSA-202209-03",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-03"
},
{
"name": "[debian-lts-announce] 20230621 [SECURITY] [DLA 3463-1] opensc security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "opensc",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "opensc 0.22.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-252",
"description": "CWE-252",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-21T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016139"
},
{
"url": "https://github.com/OpenSC/OpenSC/commit/5df913b7"
},
{
"name": "GLSA-202209-03",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202209-03"
},
{
"name": "[debian-lts-announce] 20230621 [SECURITY] [DLA 3463-1] opensc security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-42780",
"datePublished": "2022-04-18T00:00:00.000Z",
"dateReserved": "2021-10-21T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:45:29.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-42779 (GCVE-0-2021-42779)
Vulnerability from
Published
2022-04-18 00:00
Modified
2025-11-03 21:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:45:27.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28843"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016086"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/OpenSC/OpenSC/commit/1db88374"
},
{
"name": "GLSA-202209-03",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-03"
},
{
"name": "[debian-lts-announce] 20230621 [SECURITY] [DLA 3463-1] opensc security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "opensc",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "opensc 0.22.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-21T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28843"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016086"
},
{
"url": "https://github.com/OpenSC/OpenSC/commit/1db88374"
},
{
"name": "GLSA-202209-03",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202209-03"
},
{
"name": "[debian-lts-announce] 20230621 [SECURITY] [DLA 3463-1] opensc security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-42779",
"datePublished": "2022-04-18T00:00:00.000Z",
"dateReserved": "2021-10-21T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:45:27.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-42778 (GCVE-0-2021-42778)
Vulnerability from
Published
2022-04-18 16:20
Modified
2025-11-03 21:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:45:26.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28185"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016083"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenSC/OpenSC/commit/f015746d"
},
{
"name": "GLSA-202209-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-03"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "opensc",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "opensc 0.22.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-672",
"description": "CWE-672",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-07T04:06:28.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28185"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016083"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSC/OpenSC/commit/f015746d"
},
{
"name": "GLSA-202209-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202209-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-42778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "opensc",
"version": {
"version_data": [
{
"version_value": "opensc 0.22.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-672"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28185",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28185"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2016083",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016083"
},
{
"name": "https://github.com/OpenSC/OpenSC/commit/f015746d",
"refsource": "MISC",
"url": "https://github.com/OpenSC/OpenSC/commit/f015746d"
},
{
"name": "GLSA-202209-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202209-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-42778",
"datePublished": "2022-04-18T16:20:39.000Z",
"dateReserved": "2021-10-21T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:45:26.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-4189 (GCVE-0-2021-4189)
Vulnerability from
Published
2022-08-24 00:00
Modified
2025-11-03 21:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Not-Known
Summary
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:45:21.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.python.org/issue43285"
},
{
"tags": [
"x_transferred"
],
"url": "https://python-security.readthedocs.io/vuln/ftplib-pasv.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2021-4189"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036020"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-4189"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221104-0004/"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
},
{
"name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "python",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in python 3.6.14, python 3.7.11, python 3.8.9, python 3.9.3, python 3.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Not-Known",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-30T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugs.python.org/issue43285"
},
{
"url": "https://python-security.readthedocs.io/vuln/ftplib-pasv.html"
},
{
"url": "https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2021-4189"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036020"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-4189"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221104-0004/"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
},
{
"name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-4189",
"datePublished": "2022-08-24T00:00:00.000Z",
"dateReserved": "2021-12-29T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:45:21.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-3737 (GCVE-0-2021-3737)
Vulnerability from
Published
2022-03-04 00:00
Modified
2025-11-03 21:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-835 - - Loop with Unreachable Exit Condition ('Infinite Loop'), CWE-400 - Uncontrolled Resource Consumption
Summary
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:45:09.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.python.org/issue44022"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/python/cpython/pull/25916"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995162"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/python/cpython/pull/26503"
},
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2021-3737"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220407-0009/"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
},
{
"name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "python",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in python v3.6.14, python v3.7.11, python v3.8.11, python v3.9.6, python v3.10.0b2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 - Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027), CWE-400 - Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-30T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugs.python.org/issue44022"
},
{
"url": "https://github.com/python/cpython/pull/25916"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995162"
},
{
"url": "https://github.com/python/cpython/pull/26503"
},
{
"url": "https://ubuntu.com/security/CVE-2021-3737"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220407-0009/"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
},
{
"name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3737",
"datePublished": "2022-03-04T00:00:00.000Z",
"dateReserved": "2021-08-26T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:45:09.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-3733 (GCVE-0-2021-3733)
Vulnerability from
Published
2022-03-07 00:00
Modified
2025-11-03 21:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - - Uncontrolled Resource Consumption
Summary
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:45:06.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.python.org/issue43075"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995234"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/python/cpython/pull/24391"
},
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2021-3733"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220407-0001/"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
},
{
"name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "python",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in python v3.6.14, python v3.7.11, python v3.8.10, python v3.9.5."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There\u0027s a flaw in urllib\u0027s AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 - Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-30T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugs.python.org/issue43075"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995234"
},
{
"url": "https://github.com/python/cpython/pull/24391"
},
{
"url": "https://ubuntu.com/security/CVE-2021-3733"
},
{
"url": "https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220407-0001/"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
},
{
"name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3733",
"datePublished": "2022-03-07T00:00:00.000Z",
"dateReserved": "2021-08-23T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:45:06.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-3426 (GCVE-0-2021-3426)
Vulnerability from
Published
2021-05-20 00:00
Modified
2025-11-03 21:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:44:51.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20210405 [SECURITY] [DLA 2619-1] python3.5 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html"
},
{
"name": "FEDORA-2021-a311bf10d4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/"
},
{
"name": "FEDORA-2021-2ab6f060d9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/"
},
{
"name": "FEDORA-2021-1769a23935",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/"
},
{
"name": "FEDORA-2021-b6b6093b3a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/"
},
{
"name": "FEDORA-2021-067c9deff1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/"
},
{
"name": "FEDORA-2021-0a8f3ffbc0",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/"
},
{
"name": "FEDORA-2021-a26257ccf5",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/"
},
{
"name": "GLSA-202104-04",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202104-04"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935913"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210629-0003/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "python",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "python 3.8.9, python 3.9.3, python 3.10.0a7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There\u0027s a flaw in Python 3\u0027s pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-30T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[debian-lts-announce] 20210405 [SECURITY] [DLA 2619-1] python3.5 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html"
},
{
"name": "FEDORA-2021-a311bf10d4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/"
},
{
"name": "FEDORA-2021-2ab6f060d9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/"
},
{
"name": "FEDORA-2021-1769a23935",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/"
},
{
"name": "FEDORA-2021-b6b6093b3a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/"
},
{
"name": "FEDORA-2021-067c9deff1",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/"
},
{
"name": "FEDORA-2021-0a8f3ffbc0",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/"
},
{
"name": "FEDORA-2021-a26257ccf5",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/"
},
{
"name": "GLSA-202104-04",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202104-04"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935913"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210629-0003/"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3426",
"datePublished": "2021-05-20T00:00:00.000Z",
"dateReserved": "2021-03-09T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:44:51.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-10735 (GCVE-0-2020-10735)
Vulnerability from
Published
2022-09-09 00:00
Modified
2025-11-03 21:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- DoS
Summary
A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:44:16.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2020-10735"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/python/cpython/issues/95778"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834423"
},
{
"name": "FEDORA-2022-46a44a7f83",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EWKR2SPX3JORLWCXFY3KN2U5B5CIUQQ/"
},
{
"name": "FEDORA-2022-66b65beccb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VCU6EVQDIXNCEDJUCTFIER2WVNNDTYZ/"
},
{
"name": "FEDORA-2022-4b31e33ed0",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V7ZUJDHK7KNG6SLIFXW7MNZ6O2PUJYK6/"
},
{
"name": "FEDORA-2022-6d57598a23",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSRPVJZL6DJFWKYRHMNJB7VCEUCBKRF5/"
},
{
"name": "FEDORA-2022-f330bbfda2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XL6E5A3I36TRR73VNBOXNIQP4AMZDFZ/"
},
{
"name": "FEDORA-2022-29d436596f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/32AAQKABEKFCB5DDV5OONRZK6BS23HPW/"
},
{
"name": "FEDORA-2022-b01214472e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4ZZV4CDFRMTPDBI7C5L43RFL3XLIGUY/"
},
{
"name": "FEDORA-2022-dd5032bedf",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZYJSGLSCQOKXXFVJVJQAXLEOJBIWGEL/"
},
{
"name": "FEDORA-2022-8535093cba",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5WQB7Z3CXOWVBD2AFAHYPA5ONYFFZ4/"
},
{
"name": "FEDORA-2022-72213986b8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBPDVCDIUCEBE7C4NAGNA2KQJYOTPBAZ/"
},
{
"name": "[oss-security] 20220921 big ints in python: CVE-2020-10735",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/21/1"
},
{
"name": "[oss-security] 20220921 Re: big ints in python: CVE-2020-10735",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/21/4"
},
{
"name": "FEDORA-2022-f511f8f58b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/"
},
{
"name": "FEDORA-2022-c072cdc3c8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5U223OE5ZOUHZAZYSYSWVJQIKDE73E/"
},
{
"name": "FEDORA-2022-0b3904c674",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PD7FTLJOIGMUSCDR3JAN6WRFHJEE4PH5/"
},
{
"name": "FEDORA-2022-141f632a6f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/76YE7AM37MRU76XJV4M27CWDAMUGNRYK/"
},
{
"name": "FEDORA-2022-ac82a548df",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZEOAJWGGY55QU35UM2OVZATBW5MX2OZD/"
},
{
"name": "FEDORA-2022-d4570fc1a6",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHC6IUU7CLRQ3QLPWUXLONSG3SXFTR47/"
},
{
"name": "FEDORA-2022-b8b34e62ab",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TD7JDDKJXK6D26XAN3YRFNM2LAJHT5UO/"
},
{
"name": "FEDORA-2022-d1682fef04",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/"
},
{
"name": "FEDORA-2022-79843dfb3c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/"
},
{
"name": "FEDORA-2022-958fd7a32e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMWPRAAJS7I6U3U45V7GZVXWNSECI22M/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "python",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "python 3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(\"text\"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-30T22:06:31.040Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2020-10735"
},
{
"url": "https://github.com/python/cpython/issues/95778"
},
{
"url": "https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834423"
},
{
"name": "FEDORA-2022-46a44a7f83",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EWKR2SPX3JORLWCXFY3KN2U5B5CIUQQ/"
},
{
"name": "FEDORA-2022-66b65beccb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VCU6EVQDIXNCEDJUCTFIER2WVNNDTYZ/"
},
{
"name": "FEDORA-2022-4b31e33ed0",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V7ZUJDHK7KNG6SLIFXW7MNZ6O2PUJYK6/"
},
{
"name": "FEDORA-2022-6d57598a23",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSRPVJZL6DJFWKYRHMNJB7VCEUCBKRF5/"
},
{
"name": "FEDORA-2022-f330bbfda2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XL6E5A3I36TRR73VNBOXNIQP4AMZDFZ/"
},
{
"name": "FEDORA-2022-29d436596f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/32AAQKABEKFCB5DDV5OONRZK6BS23HPW/"
},
{
"name": "FEDORA-2022-b01214472e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4ZZV4CDFRMTPDBI7C5L43RFL3XLIGUY/"
},
{
"name": "FEDORA-2022-dd5032bedf",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZYJSGLSCQOKXXFVJVJQAXLEOJBIWGEL/"
},
{
"name": "FEDORA-2022-8535093cba",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5WQB7Z3CXOWVBD2AFAHYPA5ONYFFZ4/"
},
{
"name": "FEDORA-2022-72213986b8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBPDVCDIUCEBE7C4NAGNA2KQJYOTPBAZ/"
},
{
"name": "[oss-security] 20220921 big ints in python: CVE-2020-10735",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/21/1"
},
{
"name": "[oss-security] 20220921 Re: big ints in python: CVE-2020-10735",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/21/4"
},
{
"name": "FEDORA-2022-f511f8f58b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/"
},
{
"name": "FEDORA-2022-c072cdc3c8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5U223OE5ZOUHZAZYSYSWVJQIKDE73E/"
},
{
"name": "FEDORA-2022-0b3904c674",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PD7FTLJOIGMUSCDR3JAN6WRFHJEE4PH5/"
},
{
"name": "FEDORA-2022-141f632a6f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/76YE7AM37MRU76XJV4M27CWDAMUGNRYK/"
},
{
"name": "FEDORA-2022-ac82a548df",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZEOAJWGGY55QU35UM2OVZATBW5MX2OZD/"
},
{
"name": "FEDORA-2022-d4570fc1a6",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHC6IUU7CLRQ3QLPWUXLONSG3SXFTR47/"
},
{
"name": "FEDORA-2022-b8b34e62ab",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TD7JDDKJXK6D26XAN3YRFNM2LAJHT5UO/"
},
{
"name": "FEDORA-2022-d1682fef04",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/"
},
{
"name": "FEDORA-2022-79843dfb3c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/"
},
{
"name": "FEDORA-2022-958fd7a32e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMWPRAAJS7I6U3U45V7GZVXWNSECI22M/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10735",
"datePublished": "2022-09-09T00:00:00.000Z",
"dateReserved": "2020-03-20T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:44:16.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-3618 (GCVE-0-2023-3618)
Vulnerability from
Published
2023-07-12 14:06
Modified
2025-11-03 20:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| n/a | libtiff | |||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:35:36.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3618"
},
{
"name": "RHBZ#2215865",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215865"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230824-0012/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214038"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214036"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214037"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00019.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3618",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:26:00.978317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:26:31.776Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "libtiff",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "libtiff",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "compat-libtiff3",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "libtiff",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "compat-libtiff3",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "libtiff",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "libtiff",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "iv",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "libtiff",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "mingw-libtiff",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "tkimg",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T00:27:54.327Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3618"
},
{
"name": "RHBZ#2215865",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215865"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230824-0012/"
},
{
"url": "https://support.apple.com/kb/HT214038"
},
{
"url": "https://support.apple.com/kb/HT214036"
},
{
"url": "https://support.apple.com/kb/HT214037"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-19T00:00:00Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-02-13T00:00:00Z",
"value": "Made public."
}
],
"title": "Segmentation fault in fax3encode in libtiff/tif_fax3.c",
"x_redhatCweChain": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3618",
"datePublished": "2023-07-12T14:06:04.572Z",
"dateReserved": "2023-07-11T14:46:05.545Z",
"dateUpdated": "2025-11-03T20:35:36.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-3618 (GCVE-0-2023-3618)
Vulnerability from
Published
2023-07-12 14:06
Modified
2025-11-03 20:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| n/a | libtiff | |||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:35:36.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3618"
},
{
"name": "RHBZ#2215865",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215865"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230824-0012/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214038"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214036"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214037"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00019.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3618",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:26:00.978317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:26:31.776Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "libtiff",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "libtiff",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "compat-libtiff3",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "libtiff",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "compat-libtiff3",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "libtiff",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "libtiff",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "iv",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "libtiff",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "mingw-libtiff",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "tkimg",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T00:27:54.327Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3618"
},
{
"name": "RHBZ#2215865",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215865"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230824-0012/"
},
{
"url": "https://support.apple.com/kb/HT214038"
},
{
"url": "https://support.apple.com/kb/HT214036"
},
{
"url": "https://support.apple.com/kb/HT214037"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-19T00:00:00Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-02-13T00:00:00Z",
"value": "Made public."
}
],
"title": "Segmentation fault in fax3encode in libtiff/tif_fax3.c",
"x_redhatCweChain": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3618",
"datePublished": "2023-07-12T14:06:04.572Z",
"dateReserved": "2023-07-11T14:46:05.545Z",
"dateUpdated": "2025-11-03T20:35:36.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
displaying 601 - 610 organizations in total 784