Description
There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the incorrect file type. This defect is caused by the default locations of Linux and macOS platforms (such as “/etc/mime.types”) also being used on Windows, where they are user-writable locations (“C:\etc\mime.types”). To work-around this issue a user can call mimetypes.init() with an empty list (“[]”) on Windows platforms to avoid using the default list of known file locations.
Details
Affected Packages
| Software | From version | Fixed in |
|---|---|---|
| python | — | — |
| python-min | — | — |
| unknown | — | — |
References
Similar Threats
- Unknown CLSA-2023-1697816511
- Unknown CLSA-2023-1697739734
- Unknown CLSA-2023-1697464069
- Unknown CLSA-2023-1696877835
- Unknown CLSA-2023-1696878020
Exploit Protection
Help block exploit attempts
BotEraser is designed to detect and help reduce malicious bot traffic that may target known vulnerabilities on your site.
Try BotEraser Free →No credit card required · Results in minutes
ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.