PT-2020-6971 · Python+7
Robert Wessen +1 · Published 2020-10-21 · Updated 2025-08-11 · CVE-2022-48564
CVSS v2.0: 7.8 High
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Python versions prior to 3.9.2

Description: The issue is located in the read_ints function of the plistlib.py component of the Python interpreter, which is vulnerable to uncontrolled resource consumption. A remote attacker can exploit it to cause a denial of service. The vulnerability is triggered when processing malformed Apple Property List files in binary format, leading to CPU and RAM exhaustion.

Recommendations: For versions prior to 3.9.2, update to version 3.9.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the read_ints function in plistlib.py to minimize the risk of exploitation. Avoid processing untrusted or malformed Apple Property List files in binary format until the issue is resolved.
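As an added defensive example (not code from this advisory or from CPython), the loader below applies the recommendation above in front of plistlib: it caps input size and refuses to parse binary-format plists on an interpreter older than 3.9.2, while still accepting XML plists. The size cap and the sample documents are constructed here and are not from the advisory.

```python
import plistlib
import sys

# Policy values chosen for this example (not from the advisory):
# a hard cap on input size, and the first fixed release the advisory names.
MAX_PLIST_BYTES = 1024 * 1024
FIXED_VERSION = (3, 9, 2)
BPLIST_MAGIC = b"bplist00"  # header that starts every Apple binary plist


def interpreter_is_patched(version=None):
    """Return True when the interpreter is 3.9.2 or later (per the advisory)."""
    if version is None:
        version = sys.version_info
    return tuple(version[:3]) >= FIXED_VERSION


def is_binary_plist(data):
    """Detect the binary plist format by its fixed 8-byte magic header."""
    return data[:len(BPLIST_MAGIC)] == BPLIST_MAGIC


def load_untrusted_plist(data, version=None):
    """Parse plist bytes from an untrusted source with two guards ahead of
    plistlib: a size cap, and a refusal to hand binary plists to an
    interpreter older than 3.9.2, where malformed input can exhaust CPU/RAM."""
    if len(data) > MAX_PLIST_BYTES:
        raise ValueError("plist rejected: %d bytes exceeds cap" % len(data))
    if is_binary_plist(data):
        if not interpreter_is_patched(version):
            raise ValueError("binary plist rejected: interpreter older than 3.9.2")
        return plistlib.loads(data, fmt=plistlib.FMT_BINARY)
    # Not binary: only accept it as XML; anything else fails to parse here.
    return plistlib.loads(data, fmt=plistlib.FMT_XML)


def sample_plists():
    """Constructed sample documents for demonstration (not real-world files)."""
    doc = {"bundle": "com.example.app", "retries": 3}
    return {
        "binary": plistlib.dumps(doc, fmt=plistlib.FMT_BINARY),
        "xml": plistlib.dumps(doc, fmt=plistlib.FMT_XML),
        "expected": doc,
    }


if __name__ == "__main__":
    s = sample_plists()
    print(load_untrusted_plist(s["xml"]) == s["expected"])
```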

Exploit

Fix

DoS

Resource Exhaustion


Weakness Enumeration

Related Identifiers

ALSA-2024:0114
ALT-PU-2024-3474
BDU:2024-06944
BIT-LIBPYTHON-2022-48564
BIT-PYTHON-2022-48564
BIT-PYTHON-MIN-2022-48564
CESA-2024_0114
CVE-2022-48564
DLA-3614-1
GHSA-P8VW-M6QQ-W42V
PSF-2023-10
RHSA-2024:0114
RHSA-2024:0430
RHSA-2024:0586
RHSA-2024_0114
USN-6513-1
USN-6891-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Python
Red Hat
Ubuntu