4.3
CVE-2025-6069
- EPSS 0.47%
- Veröffentlicht 17.06.2025 13:39:46
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle cna@python.org
- CVE-Watchlists
- Unerledigt
HTMLParser quadratic complexity when processing malformed inputs
The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerPython Software Foundation
≫
Produkt
CPython
Default Statusunaffected
Version
0
Version <
3.10.19
Status
affected
Version
3.11.0
Version <
3.11.14
Status
affected
Version
3.12.0
Version <
3.12.12
Status
affected
Version
3.13.0
Version <
3.13.6
Status
affected
Version
3.14.0a1
Version <
3.14.0b3
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.47% | 0.376 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@python.org | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
|
CWE-1333 Inefficient Regular Expression Complexity
The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.
https://github.com/python/cpython/issues/135462
https://github.com/python/cpython/pull/135464
https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949
https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41
https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b
https://mail.python.org/archives/list/security-announce@python.org/thread/K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM/
https://github.com/python/cpython/commit/8d1b3dfa09135affbbf27fb8babcf3c11415df49
https://github.com/python/cpython/commit/ab0893fd5c579d9cea30841680e6d35fc478afb5
https://github.com/python/cpython/commit/f3c6f882cddc8dc30320d2e73edf019e201394fc
https://github.com/python/cpython/commit/fdc9d214c01cb4588f540cfa03726bbf2a33fc15