PT-2014-3375 · Python+1 · Python+1
Published
2014-03-24
·
Updated
2019-08-21
·
CVE-2013-7338
CVSS v2.0
7.1
High
| Vector | AV:N/AC:M/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Python versions prior to 3.3.4 RC1
Description
The issue allows remote attackers to cause a denial of service, resulting in an infinite loop and CPU consumption. This can be achieved by providing a file size value larger than the size of the zip file to certain functions, including
ZipExtFile.read, ZipExtFile.read(n), ZipExtFile.readlines, ZipFile.extract, or ZipFile.extractall.Recommendations
For versions prior to 3.3.4 RC1, update to version 3.3.4 RC1 or later to resolve the issue.
Exploit
Fix
DoS
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Python