5.5

CVE-2025-13837

Out-of-memory when loading Plist

When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PythonPython Version < 3.13.10
PythonPython Version >= 3.14.0 < 3.14.1
PythonPython Version3.15.0 Updatealpha1
PythonPython Version3.15.0 Updatealpha2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.19% 0.091
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
cna@python.org 2.1 0 0
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

https://github.com/python/cpython/issues/119342
Patch
Issue Tracking
https://github.com/python/cpython/pull/119343
Patch
Issue Tracking
https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70
Patch
https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba
Patch
https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb
Patch
https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/
Vendor Advisory
https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b
Patch
https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036
https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111