4.3
CVE-2025-6069
- EPSS 0.86%
- Veröffentlicht 17.06.2025 13:39:46
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle cna@python.org
- CVE-Watchlists
- Unerledigt
HTMLParser quadratic complexity when processing malformed inputs
The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerPython Software Foundation
≫
Produkt
CPython
Default Statusunaffected
Version
0
Version <
3.10.19
Status
affected
Version
3.11.0
Version <
3.11.14
Status
affected
Version
3.12.0
Version <
3.12.12
Status
affected
Version
3.13.0
Version <
3.13.6
Status
affected
Version
3.14.0a1
Version <
3.14.0b3
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.86% | 0.752 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@python.org | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
|
CWE-1333 Inefficient Regular Expression Complexity
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.