Описание
When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| python3.14 | unfixed | package | ||
| python3.13 | unfixed | package | ||
| python3.11 | removed | package | ||
| python3.9 | removed | package | ||
| python2.7 | removed | package | ||
| python2.7 | end-of-life | bullseye | package | |
| pypy3 | unfixed | package | ||
| pypy3 | no-dsa | trixie | package | |
| pypy3 | no-dsa | bookworm | package |
Примечания
https://mail.python.org/archives/list/security-announce@python.org/thread/5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R/
https://github.com/python/cpython/issues/145986
https://github.com/python/cpython/pull/145987
Fixed by: https://github.com/python/cpython/commit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768 (main)
Fixed by: https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3 (3.14)
Fixed by: https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a (3.13)
EPSS
Связанные уязвимости
When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.
A stack overflow flaw has been discovered in the python pyexpat module. When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs. This will result in a program crash.
When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.
When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.
EPSS