| Summary: | <dev-lang/python-3.3.4: malformed ZIP files could cause 100% CPU usage (CVE-2013-7338) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | python |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1078014 | | |
| Whiteboard: | A3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2014-03-19 08:34:43 UTC
CVE-2013-7338 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7338): Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function.

This issue was resolved and addressed in GLSA 201503-10 at https://security.gentoo.org/glsa/201503-10 by GLSA coordinator Kristian Fiskerstrand (K_F).
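A pre-extraction sanity check for the condition this CVE describes, added here as an example and not taken from the bug report or from the upstream Python fix: it flags archive members whose declared compressed size runs past the end of the ZIP file, so they can be rejected before any `read` or `extract` call. The function names and the one-member sample archive are assumptions constructed for illustration.

```python
import io
import struct
import zipfile

# Fixed 30-byte local file header: signature, 5 shorts, crc/csize/usize, name/extra lengths.
LOCAL_HEADER = struct.Struct("<4s5H3L2H")


def entries_past_eof(data: bytes) -> list[str]:
    """Return names of members whose declared compressed data cannot fit in the archive."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            fixed = data[info.header_offset:info.header_offset + LOCAL_HEADER.size]
            if len(fixed) < LOCAL_HEADER.size or fixed[:4] != b"PK\x03\x04":
                flagged.append(info.filename)  # local header missing or truncated
                continue
            fields = LOCAL_HEADER.unpack(fixed)
            name_len, extra_len = fields[9], fields[10]
            data_start = info.header_offset + LOCAL_HEADER.size + name_len + extra_len
            # The size recorded in the central directory must fit inside the file.
            if data_start + info.compress_size > len(data):
                flagged.append(info.filename)
    return flagged


def build_sample(declared_size=None) -> bytes:
    """Constructed sample: one stored member; optionally overwrite its declared size."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(zipfile.ZipInfo("a.txt"), b"hello")  # fixed 1980 timestamp
    raw = bytearray(buf.getvalue())
    if declared_size is not None:
        cd = raw.rfind(b"PK\x01\x02")  # the single central directory entry
        struct.pack_into("<L", raw, cd + 20, declared_size)  # compressed-size field
    return bytes(raw)


if __name__ == "__main__":
    print(entries_past_eof(build_sample()))            # well-formed archive
    print(entries_past_eof(build_sample(0x00FFFFFF)))  # size larger than the file
```

The check reads only headers, so it does not depend on how the installed `zipfile` handles short reads of member data.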