CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
35.1%
python3 is vulnerable to Information Disclosure. The vulnerability can be exploited by an attacker to bypass the TLS handshake and send unencrypted data to the server. This data could be used to modify or delete resources that are authenticated only by a TLS certificate, which makes it possible for breach of confidentiality.
lists.debian.org/debian-lts-announce/2023/09/msg00022.html
lists.debian.org/debian-lts-announce/2023/10/msg00017.html
mail.python.org/archives/list/security-announce%40python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/
mail.python.org/archives/list/[email protected]/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.15/main.yaml
secdb.alpinelinux.org/v3.16/main.yaml
secdb.alpinelinux.org/v3.17/main.yaml
secdb.alpinelinux.org/v3.18/main.yaml
security.netapp.com/advisory/ntap-20231006-0014/
www.python.org/dev/security/