
CVE-2023-40217

Status: Candidate

Overview

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)

Related Files

Ubuntu Security Notice USN-6513-2
Posted Nov 28, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6513-2 - USN-6513-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. It was discovered that Python incorrectly handled certain plist files. If a user or an automated system were tricked into processing a specially crafted plist file, an attacker could possibly use this issue to consume resources, resulting in a denial of service.

tags | advisory, denial of service, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2022-48564, CVE-2023-40217
SHA-256 | 701ececc93d67a78a460f6a43c83e5e9e64992057fec8f161b50e2d8b859fe92

Ubuntu Security Notice USN-6513-1
Posted Nov 25, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6513-1 - It was discovered that Python incorrectly handled certain plist files. If a user or an automated system were tricked into processing a specially crafted plist file, an attacker could possibly use this issue to consume resources, resulting in a denial of service. It was discovered that Python instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake. An attacker could possibly use this issue to cause applications to treat unauthenticated received data before TLS handshake as authenticated data after TLS handshake.

tags | advisory, denial of service, python
systems | linux, ubuntu
advisories | CVE-2022-48564, CVE-2023-40217
SHA-256 | 6f14c4bab79c5ff6022515ca227db8dbf13728c77319d254ac9fbbed86388ffb

Red Hat Security Advisory 2023-6885-01
Posted Nov 13, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-6885-01 - An update for python is now available for Red Hat Enterprise Linux 7. Issues addressed include a bypass vulnerability.

tags | advisory, python, bypass
systems | linux, redhat
advisories | CVE-2023-40217
SHA-256 | 73907e36e7bfd30d9c846ffc48be5d485f187642ae721c967bb4557a04f44a41

Red Hat Security Advisory 2023-6823-01
Posted Nov 13, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-6823-01 - An update for python3 is now available for Red Hat Enterprise Linux 7. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-40217
SHA-256 | 87f17cc64bf8bce954585a8f0a34f4f0e3bbc9f29df9205a4b22ce582e28c16a

Red Hat Security Advisory 2023-6290-01
Posted Nov 13, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-6290-01 - An update for python is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Issues addressed include a bypass vulnerability.

tags | advisory, python, bypass
systems | linux, redhat
advisories | CVE-2023-40217
SHA-256 | cd2a326770e59111ee1a401f38207606c73e2d9e7b29ea7eb7e4ff7dcfcbc0b7

Red Hat Security Advisory 2023-5993-01
Posted Nov 13, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5993-01 - An update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-40217
SHA-256 | 18077809e6aad0578775c9c33434fe720964e55eb3e44ca783d877de07212561

Red Hat Security Advisory 2023-5990-01
Posted Nov 13, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5990-01 - An update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-40217
SHA-256 | 097c258c87b42b84394f60a3c315752fd3ae145aa4c09de613e226b540dba6e1

Red Hat Security Advisory 2023-5992-01
Posted Oct 30, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5992-01 - An update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-40217
SHA-256 | 2ef0cbb1252124e3733f8a2e023e601bbc791b349535aa95f9db83f62aab0867

Red Hat Security Advisory 2023-6069-01
Posted Oct 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-6069-01 - An update for the python39:3.9 and python39-devel:3.9 modules is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-40217
SHA-256 | 50fe2cf11a5fb078d9939e16c0bba55492fcdf525de7c3c74a2f674bf9905216

Red Hat Security Advisory 2023-6068-01
Posted Oct 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-6068-01 - An update for the python39:3.9 and python39-devel:3.9 modules is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-40217
SHA-256 | 80129dc8535c5b4e6f99b13f73804c82370a3a9ad3061e72d6eb933889c5ab2c

Red Hat Security Advisory 2023-5998-01
Posted Oct 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5998-01 - An update for the python39:3.9 and python39-devel:3.9 modules is now available for Red Hat Enterprise Linux 8. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-40217
SHA-256 | 1fe4e267e9c90574134928c5fcc6ad9c12144e20660f8c1f2a8114451a242a1e

Red Hat Security Advisory 2023-5997-01
Posted Oct 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5997-01 - An update for python3 is now available for Red Hat Enterprise Linux 8. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-40217
SHA-256 | c66d66d0c3b0237df0cf5c73500d1d5b5d7869e6aab57c093ab0337d7c08647d

Red Hat Security Advisory 2023-5996-01
Posted Oct 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5996-01 - An update for python3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-40217
SHA-256 | 86aca76bf7242a64d6a2c45fe731ef7423b874283e4efdd5d68356b528ba8e6e

Red Hat Security Advisory 2023-5995-01
Posted Oct 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5995-01 - An update for python3 is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-40217
SHA-256 | ab79e4e10808b3a55e3c9a9ffe8ee3df80c3b3fc63c9e85bf55dfd8b8dc80d5a

Red Hat Security Advisory 2023-5994-01
Posted Oct 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5994-01 - An update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-40217
SHA-256 | a4a75cca84da4b7e98cfafdb26e69c5c5aac0dbc9fc41dfc74e358da063b9f32

Red Hat Security Advisory 2023-5991-01
Posted Oct 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5991-01 - An update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-40217
SHA-256 | ce2f04e3481e54a005f9137c213427b282cfbe8d9a04da4cd390adfe83ea8079

Red Hat Security Advisory 2023-5528-01
Posted Oct 10, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5528-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

tags | advisory, python, bypass
systems | linux, redhat
advisories | CVE-2023-40217
SHA-256 | a7809e9736bc296be97737d0134acf6fa48d78add499ff1793c34d58165a458a

Red Hat Security Advisory 2023-5531-01
Posted Oct 10, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5531-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

tags | advisory, python, bypass
systems | linux, redhat
advisories | CVE-2023-40217
SHA-256 | a3ac08590b81392419d53e56814ac2bc5993d0b96b4d0fc7fbc90e5d72562f06

Red Hat Security Advisory 2023-5472-01
Posted Oct 6, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5472-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

tags | advisory, python, bypass
systems | linux, redhat
advisories | CVE-2023-40217
SHA-256 | 9c1907fc55798106e0bd3a59d0c393769c3b9106a4a9363b9744bc3077648583

Red Hat Security Advisory 2023-5456-01
Posted Oct 6, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5456-01 - Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. Issues addressed include a bypass vulnerability.

tags | advisory, python, bypass
systems | linux, redhat
advisories | CVE-2023-40217
SHA-256 | f09181b9b7be43158cca59a700da7461f491ae25644238faaf8b1279d3ca31f1

Red Hat Security Advisory 2023-5462-01
Posted Oct 6, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5462-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

tags | advisory, python, bypass
systems | linux, redhat
advisories | CVE-2023-40217
SHA-256 | 313f06d9ee1fe6f102aed74238c4b3de0da9f76aea3b0cec8d71f5838548559b

Red Hat Security Advisory 2023-5463-01
Posted Oct 6, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5463-01 - Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. Issues addressed include a bypass vulnerability.

tags | advisory, python, bypass
systems | linux, redhat
advisories | CVE-2023-40217
SHA-256 | 952e2fc910e9d17614ddee9613f6122dd79884b41702c86e0566f6059e098cc8