PT-2025-41152 · Python+9

Caleb Brown +2 · Published 2025-07-28 · Updated 2026-04-29 · CVE-2025-8291

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Python versions prior to 2.3

Description: The 'zipfile' module does not validate the ZIP64 End of Central Directory (EOCD) Locator record offset value, leading to potential discrepancies in how ZIP archives are handled compared to other ZIP implementations. Specifically, the module incorrectly assumes the ZIP64 EOCD record's location, potentially allowing crafted ZIP archives to be processed in an unexpected manner.

Recommendations: Update to version 2.3 or later.
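
The following pre-parse check is an added example, not code from the Python project or from this advisory: it reports whether the ZIP64 EOCD Locator's offset agrees with where the ZIP64 EOCD record physically sits, which is the consistency the description says is not validated. The function names are hypothetical, and it assumes a single-disk archive held in memory with no data prepended before the archive (offsets counted from byte 0); the sample archives are constructed.

```python
import struct

EOCD_SIG, LOC_SIG, EOCD64_SIG = b"PK\x05\x06", b"PK\x06\x07", b"PK\x06\x06"
EOCD_LEN, LOC_LEN = 22, 20  # fixed sizes of the EOCD record and ZIP64 EOCD locator


def find_eocd(data):
    """Offset of the EOCD record whose comment runs exactly to end of file, or -1."""
    pos = data.rfind(EOCD_SIG)
    while pos >= 0:
        if pos + EOCD_LEN <= len(data):
            (comment_len,) = struct.unpack_from("<H", data, pos + 20)
            if pos + EOCD_LEN + comment_len == len(data):
                return pos
        pos = data.rfind(EOCD_SIG, 0, pos)
    return -1


def check_zip64_locator(data):
    """Return 'no-eocd', 'no-zip64', 'ok' or 'mismatch' for a whole archive in memory."""
    eocd = find_eocd(data)
    if eocd < 0:
        return "no-eocd"
    loc = eocd - LOC_LEN
    if loc < 0 or data[loc:loc + 4] != LOC_SIG:
        return "no-zip64"
    # Locator layout: signature, disk number, offset of ZIP64 EOCD record, disk count.
    _sig, _disk, rec_off, _disks = struct.unpack_from("<4sIQI", data, loc)
    if rec_off + 12 > loc or data[rec_off:rec_off + 4] != EOCD64_SIG:
        return "mismatch"  # the offset does not land on a ZIP64 EOCD record
    (rec_size,) = struct.unpack_from("<Q", data, rec_off + 4)
    # The size field excludes the 12 leading bytes (signature + size itself).
    if rec_off + 12 + rec_size != loc:
        return "mismatch"  # the record named by the locator is not the adjacent one
    return "ok"


def build_sample(locator_offset, prefix=b""):
    """Constructed sample: empty ZIP64 archive with a chosen locator offset."""
    rec = struct.pack("<4sQHHIIQQQQ", EOCD64_SIG, 44, 45, 45, 0, 0, 0, 0, 0, len(prefix))
    loc = struct.pack("<4sIQI", LOC_SIG, 0, locator_offset, 1)
    eocd = struct.pack("<4sHHHHIIH", EOCD_SIG, 0, 0, 0xFFFF, 0xFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0)
    return prefix + rec + loc + eocd


if __name__ == "__main__":
    print(check_zip64_locator(build_sample(0)))                    # consistent offset
    print(check_zip64_locator(build_sample(0, prefix=b"\0" * 8)))  # stale offset
```

A "mismatch" result marks an archive that a reader trusting the locator offset and a reader assuming the record's position could interpret differently; quarantining such files before extraction is one way to use the check.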

Exploit

Fix

DoS


Weakness Enumeration

Related Identifiers

ALSA-2025:23323
ALSA-2025:23342
ALSA-2025:23530
ALSA-2025:23940
ALSA-2026:0123
AZL-68318
AZL-68321
BDU:2026-00313
BIT-LIBPYTHON-2025-8291
BIT-PYTHON-2025-8291
BIT-PYTHON-MIN-2025-8291
CVE-2025-8291
DLA-4354-1
ECHO-37A0-326B-4E55
GHSA-HHV7-P4PG-WM6P
OESA-2025-2574
OESA-2025-2575
OESA-2025-2576
OESA-2025-2577
OESA-2025-2578
OPENSUSE-SU-2025:15713-1
OPENSUSE-SU-2025:15742-1
OPENSUSE-SU-2025:15748-1
OPENSUSE-SU-2025:15750-1
OPENSUSE-SU-2025:15760-1
OPENSUSE-SU-2025:15768-1
OPENSUSE-SU-2025:15792-1
OPENSUSE-SU-2026:20081-1
PSF-2025-12
RHSA-2025:23323
RHSA-2025:23940
RHSA-2026:0123
RHSA-2026:0353
RHSA-2026:0354
RHSA-2026:0355
RHSA-2026:7443
RHSA-2026:7661
RHSA-2026:8822
RHSA-2026:8824
SUSE-SU-2025:21199-1
SUSE-SU-2025:21207-1
SUSE-SU-2025:4221-1
SUSE-SU-2025:4257-1
SUSE-SU-2025:4257-2
SUSE-SU-2025:4258-1
SUSE-SU-2025:4277-1
SUSE-SU-2025:4297-1
SUSE-SU-2025:4313-1
SUSE-SU-2025:4352-1
SUSE-SU-2025:4368-1
SUSE-SU-2025:4389-1
SUSE-SU-2025:4398-1
SUSE-SU-2025:4487-1
SUSE-SU-2026:0133-1
SUSE-SU-2026:20125-1
SUSE-SU-2026:20154-1
USN-7886-1
USN-7886-2

Affected Products

Almalinux
Centos
Debian
Linuxmint
Python
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu