CVE-2025-12084

EPSS 0.13%
Veröffentlicht 03.12.2025 18:55:32
Zuletzt bearbeitet 26.01.2026 15:16:05
Quelle cna@python.org
CVE-Watchlists
Login
Unerledigt
Login

Quadratic complexity in node ID cache clearing

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 17

NVD 4 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Python ≫ Python Version < 3.13.11

Python ≫ Python Version >= 3.14.0 < 3.14.2

Python ≫ Python Version3.15.0 Updatealpha1

Python ≫ Python Version3.15.0 Updatealpha2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.318

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
cna@python.org	6.3	0	0	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-407 Inefficient Algorithmic Complexity

An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

https://github.com/python/cpython/pull/142146

Patch

Issue Tracking

https://github.com/python/cpython/issues/142145

Patch

Issue Tracking

https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4

Patch

https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0

Patch

https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964

Patch