BIT-python-min-2026-3276

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/python-min/BIT-python-min-2026-3276.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-python-min-2026-3276

Aliases

Published

2026-06-05T13:04:10.162Z

Modified

2026-06-05T13:41:09.838079708Z

Summary

Potential DoS via quadratic complexity in unicodedata.normalize()

Details

unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms.

Database specific

{
    "cpes": [
        "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

Affected packages

Bitnami / python-min

Package

Name: python-min
Purl: pkg:bitnami/python-min

Severity

6.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/python-min/BIT-python-min-2026-3276.json"