Описание
read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| python3.9 | fixed | 3.9.1~rc1-1 | package | |
| python3.7 | removed | package | ||
| python2.7 | not-affected | package | ||
| pypy3 | fixed | 7.3.5+dfsg-2 | package |
Примечания
https://bugs.python.org/issue42103
https://github.com/python/cpython/issues/86269
https://github.com/python/cpython/commit/34637a0ce21e7261b952fbd9d006474cc29b681f (v3.10.0a2)
https://github.com/python/cpython/commit/e277cb76989958fdbc092bf0b2cb55c43e86610a (v3.9.1rc1)
https://github.com/python/cpython/commit/547d2bcc55e348043b2f338027c1acd9549ada76 (v3.8.7rc1)
https://github.com/python/cpython/commit/225e3659556616ad70186e7efc02baeebfeb5ec4 (v3.7.10)
https://github.com/python/cpython/commit/a63234c49b2fbfb6f0aca32525e525ce3d43b2b4 (v3.6.13)
EPSS
Связанные уязвимости
read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.
read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.
read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.
read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.
Уязвимость функции read_ints компонента plistlib.py интерпретатора языка программирования Python, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
EPSS