CVE-2022-48564

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-48564

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48564.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-48564

Aliases

BIT-python-2022-48564
GHSA-p8vw-m6qq-w42v
PSF-2023-10

Related

Published

2023-08-22T19:16:31Z

Modified

2024-08-01T06:24:31.294998Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.

References

Affected packages

Git / github.com/python/cpython

Affected ranges

Type: GIT
Repo: https://github.com/python/cpython
Events: Introduced

fa919fdf2583bdfead1df00e842f24f30b2a34bf

Fixed

6503f05dd59e26a9986bdea097b3da9b3546f45b

Affected versions

v3.*

v3.8.0

v3.8.1

v3.8.1rc1

v3.8.2

v3.8.2rc1

v3.8.2rc2

v3.8.3

v3.8.3rc1

v3.8.4

v3.8.4rc1

v3.8.5

v3.8.6

v3.8.6rc1

v3.8.7rc1