PT-2013-3377 · Python+4
Published: 2013-12-26 · Updated: 2025-11-07 · CVE-2013-1752
None
No severity ratings or metrics are available. When they are, we will update the corresponding information on the page.
Name of the Vulnerable Software and Affected Versions
Python versions prior to 2.6.9
Python versions prior to 2.7.4
Python versions prior to 2.7.6
Python versions prior to 3.3.3
Description
The issue is related to various Python modules, including httplib, ftplib, imaplib, nntplib, poplib, and smtplib, which do not properly restrict readline calls. This allows remote attackers to cause a denial of service via a long string, resulting in memory consumption. The smtplib module is particularly affected, as it does not limit the amount of read data in its call to readline(), allowing an erroneous or malicious SMTP server to trick the module into consuming large amounts of memory.
Recommendations
For Python versions prior to 2.6.9, update to version 2.6.9 or later.
For Python versions prior to 2.7.4, update to version 2.7.4 or later.
For Python versions prior to 2.7.6, update to version 2.7.6 or later.
For Python versions prior to 3.3.3, update to version 3.3.3 or later.
As a temporary workaround, consider restricting access to the vulnerable modules until a patch is available.
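For code that reads lines from a peer itself, the memory consumption described above can be contained by bounding each read. The following is an added example, not code from this advisory or from CPython; `MAXLINE`, `LineTooLong`, `EndlessLine` and the helper names are assumptions made for the illustration, and the oversized response is constructed.

```python
import io

MAXLINE = 8192  # assumed cap for this example; pick one that fits the protocol


class LineTooLong(Exception):
    """The peer sent a line longer than the configured limit."""


class EndlessLine(io.RawIOBase):
    """Constructed stand-in for a server that sends `total` bytes and no newline."""

    def __init__(self, total):
        super().__init__()
        self.remaining = total
        self.served = 0  # bytes the reader actually pulled from the "network"

    def readable(self):
        return True

    def readinto(self, buf):
        n = min(len(buf), self.remaining)
        buf[:n] = b"A" * n
        self.remaining -= n
        self.served += n
        return n


def read_unbounded(stream):
    # Unrestricted pattern: buffers until b"\n" or EOF, however long that takes.
    return stream.readline()


def read_bounded(stream, limit=MAXLINE):
    # Bounded pattern: request at most limit + 1 bytes; the extra byte detects overflow.
    line = stream.readline(limit + 1)
    if len(line) > limit:
        raise LineTooLong("line exceeds %d bytes" % limit)
    return line


def demo(total=1_000_000):
    """Return (bytes buffered unbounded, bounded call rejected?, bytes pulled bounded)."""
    unbounded = len(read_unbounded(io.BufferedReader(EndlessLine(total))))
    raw = EndlessLine(total)
    try:
        read_bounded(io.BufferedReader(raw, buffer_size=1024))
        rejected = False
    except LineTooLong:
        rejected = True
    return unbounded, rejected, raw.served
```

`demo()` shows the unbounded read holding the whole constructed response in memory, while the bounded read stops pulling data shortly after the limit and raises instead.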
Exploit
Related identifiers
Affected products
CentOS
Python
Red Hat
SUSE
Ubuntu