
Debian 11: DLA-3966-1 critical: pypy3 multiple security issues

November 26, 2024
The Debian LTS Advisory DLA-3966-2 covers various security flaws found in pypy3, such as potential denial of service and additional risks.
Multiple vulnerabilities have been fixed in pypy3, an alternative implementation of the Python 3.x language.

Summary

CVE-2020-10735

A flaw was found in Python. In algorithms with quadratic time
complexity using non-binary bases, when using int("text"), a system
could take 50ms to parse an int string with 100,000 digits and 5s
for 1,000,000 digits (float, decimal, int.from_bytes(), and int()
for binary bases 2, 4, 8, 16, and 32 are not affected). The highest
threat from this vulnerability is to system availability.
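
An application-side guard for the int() parsing cost described in CVE-2020-10735, for code that must accept untrusted numeric strings on an interpreter that has not yet been updated. This is an added example, not code from the advisory or from pypy3; the names `bounded_int` and `IntTooLong` and the 4300-digit limit are assumptions chosen for illustration.

```python
# Assumed limit for this example. It matches the default that CPython 3.11+
# applies through sys.set_int_max_str_digits(); older interpreters have none.
MAX_DIGITS = 4300

# Bases the advisory lists as not affected (conversion is linear-time).
LINEAR_BASES = {2, 4, 8, 16, 32}
PREFIX_BASES = {"0x": 16, "0o": 8, "0b": 2}


class IntTooLong(ValueError):
    """Raised when a digit string exceeds the configured limit."""


def bounded_int(text, base=10, max_digits=MAX_DIGITS):
    """Parse like int(text, base), refusing oversized quadratic-time input."""
    if not isinstance(text, str):
        raise TypeError("bounded_int expects str")
    # Only O(n) string operations happen before the length check;
    # int() is never called on input that has not been measured.
    body = text.strip().lstrip("+-").lower()
    effective = base
    prefix = body[:2]
    if prefix in PREFIX_BASES and base in (0, PREFIX_BASES[prefix]):
        # "0x", "0o" and "0b" literals select a power-of-two base.
        effective = PREFIX_BASES[prefix]
        body = body[2:]
    elif base == 0:
        # base=0 without a prefix means a decimal literal.
        effective = 10
    if effective not in LINEAR_BASES:
        # Underscore separators are not digits and do not count.
        digits = len(body) - body.count("_")
        if digits > max_digits:
            raise IntTooLong(f"{digits} digits exceeds limit {max_digits}")
    # Malformed input still raises the usual ValueError from int().
    return int(text, base)
```

Call `bounded_int()` wherever request parameters, JSON fields or file contents are converted with `int()`; hexadecimal, octal and binary input passes through without a length check because those bases are not affected.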

CVE-2020-29651

A denial of service via regular expression in the py.path.svnwc
component of py (aka python-py) through 1.9.0 could be used by
attackers to cause a compute-time denial of service attack by
supplying malicious input to the blame functionality.
python-py is a part of the pypy3 distribution.

CVE-2021-3737

A flaw was found in Python. An improperly handled HTTP response in the
HTTP client code of Python may allow a remote attacker, who controls
the HTTP server, to make the client script enter an infinite loop,

Severity: critical

Package: pypy3
Version: 7.3.5+dfsg-2+deb11u4
CVE ID: CVE-2020-10735 CVE-2020-29651 CVE-2021-3737 CVE-2021-28861
