VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-adb7-t68d-aaah

Essentials
Severities (112)
References (41)
Severity details (26)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-adb7-t68d-aaah
Aliases	CVE-2023-6597
Summary	An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
Status	Published
Exploitability	0.5
Weighted Severity	7.0
Risk	3.5
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-61

UNIX Symbolic Link (Symlink) Following

System	Score	Found at
cvssv3	7.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6597.json
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2023-6597
cvssv3.1	8.4	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.8	https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a
ssvc	Track	https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a
cvssv3.1	7.8	https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25
ssvc	Track	https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25
cvssv3.1	7.8	https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5
ssvc	Track	https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5
cvssv3.1	7.8	https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d
ssvc	Track	https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d
cvssv3.1	7.8	https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82
ssvc	Track	https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82
cvssv3.1	7.8	https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b
ssvc	Track	https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b
cvssv3.1	7.8	https://github.com/python/cpython/issues/91133
ssvc	Track	https://github.com/python/cpython/issues/91133
cvssv3.1	7.8	https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html
cvssv3.1	7.8	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/
cvssv3.1	7.8	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/
cvssv3.1	7.8	https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/
ssvc	Track	https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/
cvssv3.1	7.8	http://www.openwall.com/lists/oss-security/2024/03/20/5
ssvc	Track	http://www.openwall.com/lists/oss-security/2024/03/20/5

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6597.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-6597
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6597
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a
		https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25
		https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5
		https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d
		https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82
		https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b
		https://github.com/python/cpython/issues/91133
		https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/
		https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/
		http://www.openwall.com/lists/oss-security/2024/03/20/5
1070135		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070135
2276518		https://bugzilla.redhat.com/show_bug.cgi?id=2276518
CVE-2023-6597		https://nvd.nist.gov/vuln/detail/CVE-2023-6597
GLSA-202405-01		https://security.gentoo.org/glsa/202405-01
RHSA-2024:3347		https://access.redhat.com/errata/RHSA-2024:3347
RHSA-2024:3391		https://access.redhat.com/errata/RHSA-2024:3391
RHSA-2024:3466		https://access.redhat.com/errata/RHSA-2024:3466
RHSA-2024:4058		https://access.redhat.com/errata/RHSA-2024:4058
RHSA-2024:4077		https://access.redhat.com/errata/RHSA-2024:4077
RHSA-2024:4078		https://access.redhat.com/errata/RHSA-2024:4078
RHSA-2024:4166		https://access.redhat.com/errata/RHSA-2024:4166
RHSA-2024:4370		https://access.redhat.com/errata/RHSA-2024:4370
RHSA-2024:4406		https://access.redhat.com/errata/RHSA-2024:4406
RHSA-2024:4456		https://access.redhat.com/errata/RHSA-2024:4456
RHSA-2024:4896		https://access.redhat.com/errata/RHSA-2024:4896
RHSA-2024:5535		https://access.redhat.com/errata/RHSA-2024:5535
RHSA-2024:5689		https://access.redhat.com/errata/RHSA-2024:5689
RHSA-2025:0364		https://access.redhat.com/errata/RHSA-2025:0364
RHSA-2025:0646		https://access.redhat.com/errata/RHSA-2025:0646
RHSA-2025:0650		https://access.redhat.com/errata/RHSA-2025:0650
RHSA-2025:0832		https://access.redhat.com/errata/RHSA-2025:0832
RHSA-2025:1116		https://access.redhat.com/errata/RHSA-2025:1116
RHSA-2025:1120		https://access.redhat.com/errata/RHSA-2025:1120
RHSA-2025:2705		https://access.redhat.com/errata/RHSA-2025:2705
USN-6891-1		https://usn.ubuntu.com/6891-1/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6597.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N Found at https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-05T19:08:44Z/ Found at https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N Found at https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-05T19:08:44Z/ Found at https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N Found at https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-05T19:08:44Z/ Found at https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N Found at https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-05T19:08:44Z/ Found at https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N Found at https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-05T19:08:44Z/ Found at https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N Found at https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-05T19:08:44Z/ Found at https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N Found at https://github.com/python/cpython/issues/91133

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-05T19:08:44Z/ Found at https://github.com/python/cpython/issues/91133

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N Found at https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-05T19:08:44Z/ Found at https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-05T19:08:44Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N Found at https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-05T19:08:44Z/ Found at https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N Found at http://www.openwall.com/lists/oss-security/2024/03/20/5

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-05T19:08:44Z/ Found at http://www.openwall.com/lists/oss-security/2024/03/20/5

Exploit Prediction Scoring System (EPSS)

Percentile	0.09631
EPSS Score	0.00042
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2024-02-07T11:52:29.632426+00:00	SUSE Severity Score Importer	Import	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml	34.0.0rc2