VDB

DEBIAN-CVE-2026-3446

DEBIAN-CVE-2026-3446 PUBLISHED CVSS 6 MEDIUM

When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This can lead to data being accepted which may be processed differently by other implementations. Use "validate=True" to enable stricter processing of base64 data.

Risk Scores

CVSS 4.0
6
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products

VendorProductVersions
Debian:13python3.133.13.5-2, 0, 3.13.12-1
Debian:14python3.143.14.0-2, *, 3.14.0-3
Debian:11python2.72.7.18-10, 2.7.18-11, 2.7.18-12
Debian:12pypy37.3.11+dfsg, 0, 7.3.11+dfsg-2
Debian:13pypy37.3.21+dfsg, 7.3.21+dfsg, 7.3.20+dfsg-1
Debian:14pypy37.3.21+dfsg, 7.3.20+dfsg-4, 7.3.21+dfsg-1
Debian:14python3.133.13.7-1, 3.13.6-1, 3.13.5-2
Debian:11python3.93.9.9-4, 3.9.6-1, *
Debian:12python3.110, 3.11.2-6+deb12u1, 3.11.2-6+deb12u2
Debian:11pypy37.3.17+dfsg, 7.3.18+dfsg, 7.3.18+dfsg

Exploit Intelligence

Timeline

  • Apr 10, 2026 CVE Published
  • May 16, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›