Описание
An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/focal | released | 2.7.18-1~20.04.7+esm4 |
| esm-apps/jammy | released | 2.7.18-13ubuntu1.5+esm3 |
| esm-infra-legacy/trusty | needs-triage | |
| esm-infra/bionic | needs-triage | |
| esm-infra/xenial | needs-triage | |
| focal | ignored | end of standard support, was needed |
| jammy | needed | |
| mantic | DNE | |
| noble | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | released | 3.10.12-1~22.04.4 |
| mantic | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| upstream | released | 3.10.14 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/jammy | released | 3.11.0~rc1-1~22.04.1~esm1 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | needed | |
| mantic | released | 3.11.6-3ubuntu0.1 |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| mantic | released | 3.12.0-1ubuntu0.1 |
| noble | not-affected | 3.12.3-1 |
| oracular | not-affected | 3.12.4-1ubuntu1 |
| plucky | DNE | |
| upstream | released | 3.12.2-1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | needs-triage | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| mantic | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| trusty/esm | ignored | end of ESM support, was needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | not-affected | 3.5.2-2ubuntu0~16.04.4~14.04.1+esm1 |
| esm-infra/focal | DNE | |
| esm-infra/xenial | released | 3.5.2-2ubuntu0~16.04.13+esm13 |
| focal | DNE | |
| jammy | DNE | |
| mantic | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/bionic | released | 3.6.9-1~18.04ubuntu1.13+esm2 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| mantic | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/bionic | released | 3.7.5-2ubuntu1~18.04.2+esm3 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| mantic | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/bionic | released | 3.8.0-3ubuntu1~18.04.2+esm2 |
| esm-infra/focal | not-affected | 3.8.10-0ubuntu1~20.04.10 |
| focal | released | 3.8.10-0ubuntu1~20.04.10 |
| jammy | DNE | |
| mantic | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| upstream | released | 3.8.19 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/focal | released | 3.9.5-3ubuntu0~20.04.1+esm2 |
| focal | ignored | end of standard support, was needed |
| jammy | DNE | |
| mantic | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| upstream | released | 3.9.19 |
Показывать по
EPSS
6.2 Medium
CVSS3
Связанные уязвимости
An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.
An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.
An issue was found in the CPython `zipfile` module affecting versions ...
EPSS
6.2 Medium
CVSS3