USN-6513-1

Advisory lineage Upstream: 4 Downstream: 0

Upstream

CVE-2022-48564 CVE-2023-40217 UBUNTU-CVE-2022-48564 UBUNTU-CVE-2023-40217

Published: 23 Nov 2023, 21:29

Last modified:20 May 2026, 16:03

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

23 Nov 2023, 21:29

Published

Vulnerability first disclosed

20 May 2026, 16:03

Last Modified

Vulnerability information updated

Description

python2.7, python3.5, python3.6 vulnerabilities It was discovered that Python incorrectly handled certain plist files. If a user or an automated system were tricked into processing a specially crafted plist file, an attacker could possibly use this issue to consume resources, resulting in a denial of service. (CVE-2022-48564) It was discovered that Python instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake. An attacker could possibly use this issue to cause applications to treat unauthenticated received data before TLS handshake as authenticated data after TLS handshake. (CVE-2023-40217)

Affected Systems

ubuntu•python2.7
< 2.7.6-8ubuntu0.6+esm18 | < 2.7.12-1ubuntu0~16.04.18+esm9 | < 2.7.17-1~18.04ubuntu1.13+esm4
ubuntu•python3.5
< 3.5.2-2ubuntu0~16.04.13+esm12
ubuntu•python3.6
< 3.6.9-1~18.04ubuntu1.13+esm1

USN-6513-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (3)