Описание
The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| python3.13 | unfixed | package | ||
| python3.12 | unfixed | package | ||
| python3.11 | removed | package | ||
| python3.11 | no-dsa | bookworm | package | |
| python3.9 | removed | package | ||
| python3.9 | postponed | bullseye | package | |
| python2.7 | removed | package | ||
| python2.7 | end-of-life | bullseye | package | |
| pypy3 | unfixed | package | ||
| pypy3 | postponed | bullseye | package | |
| jython | unfixed | package | ||
| jython | no-dsa | bookworm | package | |
| jython | end-of-life | bullseye | package |
Примечания
https://mail.python.org/archives/list/security-announce@python.org/thread/K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM/
https://github.com/python/cpython/issues/135462
https://github.com/python/cpython/pull/135464
https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41 (main)
https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b (v3.14.0b3)
https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949 (3.13-branch)
EPSS
Связанные уязвимости
The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.
The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.
The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.
EPSS