Description
When loading a plist file, the plistlib module reads data in the size specified by the file itself, meaning a malicious file can cause out-of-memory (OOM) and DoS issues.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| python3.14 | fixed | 3.14.2-1 | | package |
| python3.13 | fixed | 3.13.11-1 | | package |
| python3.13 | no-dsa | | trixie | package |
| python3.11 | removed | | | package |
| python3.11 | no-dsa | | bookworm | package |
| python3.9 | removed | | | package |
| pypy3 | unfixed | | | package |
| pypy3 | no-dsa | | trixie | package |
| pypy3 | no-dsa | | bookworm | package |
| pypy3 | postponed | | bullseye | package |
Notes
https://github.com/python/cpython/issues/119342
https://github.com/python/cpython/pull/119343
https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70 (main)
https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb (v3.14.1)
https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba (v3.13.10)
Introduced by: https://github.com/python/cpython/commit/065266450ea5519a43bcc199e48d304f1e7038e8 (v3.4.2rc1)