Bug 2345794 (CVE-2024-3220)
| Summary: | CVE-2024-3220 python: Default mimetype known files writeable on Windows | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | dfreiber, drow, jburrell, jeder, ljawale, luizcosta, nweather, rbobbitt, vkumar |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in the mimetypes standard library module for Python. On Windows systems, the default list of known file locations is writable, meaning other users can create invalid files to cause `MemoryError` to be raised on Python runtime startup or have file extensions be interpreted as the incorrect file type.
This defect is caused by the default locations of Linux and macOS platforms (such as `/etc/mime.types`) also being used on Windows, where they are user-writable locations (`C:\etc\mime.types`).
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2025-02-14 17:01:31 UTC
|