CVE-2024-39705 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-39705 Interim 1 8 2025-02-16T01:05:44Z current 2024-06-29T17:04:34Z 2025-02-16T01:05:44Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-39705 NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TPL3SFAM7D6T4BAZ4QKZPZDK5JXBAFFC/ E-Mail link for openSUSE-SU-2024:0221-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/34GPGJ5MWORJ4EISDV3CLYKNIHC3Z7CC/ E-Mail link for openSUSE-SU-2024:0222-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 15 SP5 SUSE Package Hub 15 SP6 openSUSE Leap 15.5 openSUSE Leap 15.6 openSUSE Tumbleweed python3-nltk-3.7-bp155.3.3.1 python3-nltk-3.7-bp156.4.3.1 python310-nltk-3.8.1-2.1 python311-nltk-3.8.1-2.1 python312-nltk-3.8.1-2.1 python3-nltk-3.7-bp155.3.3.1 as a component of SUSE Package Hub 15 SP5 python3-nltk-3.7-bp156.4.3.1 as a component of SUSE Package Hub 15 SP6 python3-nltk-3.7-bp155.3.3.1 as a component of openSUSE Leap 15.5 python3-nltk-3.7-bp156.4.3.1 as a component of openSUSE Leap 15.6 python310-nltk-3.8.1-2.1 as a component of openSUSE Tumbleweed python311-nltk-3.8.1-2.1 as a component of openSUSE Tumbleweed python312-nltk-3.8.1-2.1 as a component of openSUSE Tumbleweed NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt. CVE-2024-39705 SUSE Package Hub 15 SP5:python3-nltk-3.7-bp155.3.3.1 SUSE Package Hub 15 SP6:python3-nltk-3.7-bp156.4.3.1 openSUSE Leap 15.5:python3-nltk-3.7-bp155.3.3.1 openSUSE Leap 15.6:python3-nltk-3.7-bp156.4.3.1 openSUSE Tumbleweed:python310-nltk-3.8.1-2.1 openSUSE Tumbleweed:python311-nltk-3.8.1-2.1 openSUSE Tumbleweed:python312-nltk-3.8.1-2.1 critical