{"id":"USN-7348-1","summary":"python3.5, python3.8 vulnerabilities","details":"It was discovered that the Python ipaddress module contained incorrect\ninformation about which IP address ranges were considered “private” or\n“globally reachable”. This could possibly result in applications applying\nincorrect security policies. This issue only affected Ubuntu 14.04 LTS\nand Ubuntu 16.04 LTS. (CVE-2024-4032)\n\nIt was discovered that Python incorrectly handled quoting path names when\nusing the venv module. A local attacker able to control virtual\nenvironments could possibly use this issue to execute arbitrary code when\nthe virtual environment is activated. (CVE-2024-9287)\n\nIt was discovered that Python incorrectly handled parsing bracketed hosts.\nA remote attacker could possibly use this issue to perform a Server-Side\nRequest Forgery (SSRF) attack. This issue only affected Ubuntu 14.04 LTS\nand Ubuntu 16.04 LTS. (CVE-2024-11168)\n\nIt was discovered that Python incorrectly handled parsing domain names that\nincluded square brackets. A remote attacker could possibly use this issue\nto perform a Server-Side Request Forgery (SSRF) attack. (CVE-2025-0938)\n","modified":"2026-04-27T17:21:02.268109Z","published":"2025-03-12T14:36:24Z","related":["UBUNTU-CVE-2024-11168","UBUNTU-CVE-2024-4032","UBUNTU-CVE-2024-9287","UBUNTU-CVE-2025-0938"],"upstream":["CVE-2024-11168","CVE-2024-4032","CVE-2024-9287","CVE-2025-0938","UBUNTU-CVE-2024-11168","UBUNTU-CVE-2024-4032","UBUNTU-CVE-2024-9287","UBUNTU-CVE-2025-0938"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7348-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-4032"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-9287"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-11168"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-0938"}],"affected":[{"package":{"name":"python3.5","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/python3.5@3.5.2-2ubuntu0~16.04.4~14.04.1+esm4?arch=source&distro=esm-infra-legacy/trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.5.2-2ubuntu0~16.04.4~14.04.1+esm4"}]}],"versions":["3.5.2-2ubuntu0~16.04.4~14.04.1","3.5.2-2ubuntu0~16.04.4~14.04.1+esm1","3.5.2-2ubuntu0~16.04.4~14.04.1+esm3"],"ecosystem_specific":{"binaries":[{"binary_name":"idle-python3.5","binary_version":"3.5.2-2ubuntu0~16.04.4~14.04.1+esm4"},{"binary_name":"libpython3.5","binary_version":"3.5.2-2ubuntu0~16.04.4~14.04.1+esm4"},{"binary_name":"libpython3.5-minimal","binary_version":"3.5.2-2ubuntu0~16.04.4~14.04.1+esm4"},{"binary_name":"libpython3.5-stdlib","binary_version":"3.5.2-2ubuntu0~16.04.4~14.04.1+esm4"},{"binary_name":"libpython3.5-testsuite","binary_version":"3.5.2-2ubuntu0~16.04.4~14.04.1+esm4"},{"binary_name":"python3.5","binary_version":"3.5.2-2ubuntu0~16.04.4~14.04.1+esm4"},{"binary_name":"python3.5-examples","binary_version":"3.5.2-2ubuntu0~16.04.4~14.04.1+esm4"},{"binary_name":"python3.5-minimal","binary_version":"3.5.2-2ubuntu0~16.04.4~14.04.1+esm4"},{"binary_name":"python3.5-venv","binary_version":"3.5.2-2ubuntu0~16.04.4~14.04.1+esm4"}],"availability":"Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7348-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:14.04:LTS","cves":[{"id":"CVE-2024-4032","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2024-9287","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Green"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-11168","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/AU:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-0938","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"type":"Ubuntu","score":"medium"}]}]}}},{"package":{"name":"python3.5","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/python3.5@3.5.2-2ubuntu0~16.04.13+esm16?arch=source&distro=esm-infra/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.5.2-2ubuntu0~16.04.13+esm16"}]}],"versions":["3.5.0-3","3.5.0-3ubuntu1","3.5.1~rc1-2ubuntu1","3.5.1-1","3.5.1-2","3.5.1-3","3.5.1-5","3.5.1-6ubuntu1","3.5.1-6ubuntu2","3.5.1-9ubuntu1","3.5.1-10","3.5.2-2~16.01","3.5.2-2~16.04","3.5.2-2ubuntu0~16.04.1","3.5.2-2ubuntu0~16.04.2","3.5.2-2ubuntu0~16.04.3","3.5.2-2ubuntu0~16.04.4","3.5.2-2ubuntu0~16.04.5","3.5.2-2ubuntu0~16.04.8","3.5.2-2ubuntu0~16.04.9","3.5.2-2ubuntu0~16.04.10","3.5.2-2ubuntu0~16.04.11","3.5.2-2ubuntu0~16.04.12","3.5.2-2ubuntu0~16.04.13","3.5.2-2ubuntu0~16.04.13+esm1","3.5.2-2ubuntu0~16.04.13+esm2","3.5.2-2ubuntu0~16.04.13+esm3","3.5.2-2ubuntu0~16.04.13+esm5","3.5.2-2ubuntu0~16.04.13+esm6","3.5.2-2ubuntu0~16.04.13+esm7","3.5.2-2ubuntu0~16.04.13+esm8","3.5.2-2ubuntu0~16.04.13+esm9","3.5.2-2ubuntu0~16.04.13+esm10","3.5.2-2ubuntu0~16.04.13+esm11","3.5.2-2ubuntu0~16.04.13+esm12","3.5.2-2ubuntu0~16.04.13+esm13","3.5.2-2ubuntu0~16.04.13+esm14","3.5.2-2ubuntu0~16.04.13+esm15"],"ecosystem_specific":{"binaries":[{"binary_name":"idle-python3.5","binary_version":"3.5.2-2ubuntu0~16.04.13+esm16"},{"binary_name":"libpython3.5","binary_version":"3.5.2-2ubuntu0~16.04.13+esm16"},{"binary_name":"libpython3.5-minimal","binary_version":"3.5.2-2ubuntu0~16.04.13+esm16"},{"binary_name":"libpython3.5-stdlib","binary_version":"3.5.2-2ubuntu0~16.04.13+esm16"},{"binary_name":"libpython3.5-testsuite","binary_version":"3.5.2-2ubuntu0~16.04.13+esm16"},{"binary_name":"python3.5","binary_version":"3.5.2-2ubuntu0~16.04.13+esm16"},{"binary_name":"python3.5-examples","binary_version":"3.5.2-2ubuntu0~16.04.13+esm16"},{"binary_name":"python3.5-minimal","binary_version":"3.5.2-2ubuntu0~16.04.13+esm16"},{"binary_name":"python3.5-venv","binary_version":"3.5.2-2ubuntu0~16.04.13+esm16"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7348-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:16.04:LTS","cves":[{"id":"CVE-2024-4032","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2024-9287","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Green"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-11168","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/AU:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-0938","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"type":"Ubuntu","score":"medium"}]}]}}},{"package":{"name":"python3.8","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/python3.8@3.8.10-0ubuntu1~20.04.16?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.8.10-0ubuntu1~20.04.16"}]}],"versions":["3.8.0-1","3.8.0-2","3.8.0-3","3.8.0-4","3.8.0-5","3.8.1-2ubuntu3","3.8.2~rc1-1ubuntu1","3.8.2-1","3.8.2-1ubuntu1","3.8.2-1ubuntu1.1","3.8.2-1ubuntu1.2","3.8.5-1~20.04","3.8.5-1~20.04.2","3.8.5-1~20.04.3","3.8.10-0ubuntu1~20.04","3.8.10-0ubuntu1~20.04.1","3.8.10-0ubuntu1~20.04.2","3.8.10-0ubuntu1~20.04.4","3.8.10-0ubuntu1~20.04.5","3.8.10-0ubuntu1~20.04.6","3.8.10-0ubuntu1~20.04.7","3.8.10-0ubuntu1~20.04.8","3.8.10-0ubuntu1~20.04.9","3.8.10-0ubuntu1~20.04.10","3.8.10-0ubuntu1~20.04.11","3.8.10-0ubuntu1~20.04.12","3.8.10-0ubuntu1~20.04.13","3.8.10-0ubuntu1~20.04.14","3.8.10-0ubuntu1~20.04.15"],"ecosystem_specific":{"binaries":[{"binary_name":"idle-python3.8","binary_version":"3.8.10-0ubuntu1~20.04.16"},{"binary_name":"libpython3.8","binary_version":"3.8.10-0ubuntu1~20.04.16"},{"binary_name":"libpython3.8-minimal","binary_version":"3.8.10-0ubuntu1~20.04.16"},{"binary_name":"libpython3.8-stdlib","binary_version":"3.8.10-0ubuntu1~20.04.16"},{"binary_name":"libpython3.8-testsuite","binary_version":"3.8.10-0ubuntu1~20.04.16"},{"binary_name":"python3.8","binary_version":"3.8.10-0ubuntu1~20.04.16"},{"binary_name":"python3.8-examples","binary_version":"3.8.10-0ubuntu1~20.04.16"},{"binary_name":"python3.8-full","binary_version":"3.8.10-0ubuntu1~20.04.16"},{"binary_name":"python3.8-minimal","binary_version":"3.8.10-0ubuntu1~20.04.16"},{"binary_name":"python3.8-venv","binary_version":"3.8.10-0ubuntu1~20.04.16"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7348-1.json","cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"id":"CVE-2024-9287","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Green"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-0938","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"type":"Ubuntu","score":"medium"}]}]}}}],"schema_version":"1.7.5"}