In man2html 1.6g, a filename can be created to overwrite the previous size parameter of the next chunk and the fd, bk, fd_nextsize, bk_nextsize of the current chunk. The next chunk is then freed later on, causing a freeing of an arbitrary amount of memory.
A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(“text”), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.
python3.9-3.9.14-1.fc37
Update to 3.8.14
Contains security fix for CVE-2020-10735
python3.9-3.9.14-1.fc36
Update to 3.8.14
Contains security fix for CVE-2020-10735
python3.10-3.10.7-1.fc35
python3-docs-3.10.7-1.fc35
Update to 3.10.7
Contains security fix for CVE-2020-10735
python3.10-3.10.7-1.fc37
Update to 3.10.7
Contains security fix for CVE-2020-10735
Don’t use custom installation schemes.
python3.8-3.8.14-1.fc37
Update to 3.8.14
Contains security fix for CVE-2020-10735
python3.8-3.8.14-1.fc35
Update to 3.8.14
Contains security fix for CVE-2020-10735
python3.8-3.8.14-1.fc36
Update to 3.8.14
Contains security fix for CVE-2020-10735
Posted by malvuln on Sep 08
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/d871836f77076eeed87eb0078c1911c7_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Trojan.Win32.Autoit.fhj
Vulnerability: Named Pipe Null DACL
Family: Autoit
Type: PE32
MD5: d871836f77076eeed87eb0078c1911c7
Vuln ID: MVID-2022-0638
Disclosure: 09/06/2022
Description: The malware creates two processes…
