7.5

CVE-2026-4224

Stack overflow parsing XML with deeply nested DTD content models

When an Expat parser with a registered ElementDeclHandler parses an inline
document type definition containing a deeply nested content model a C stack
overflow occurs.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PythonPython Version < 3.10.0
PythonPython Version >= 3.13.0 < 3.13.13
PythonPython Version >= 3.14.0 < 3.14.4
PythonPython Version3.15.0 Updatealpha1
PythonPython Version3.15.0 Updatealpha2
PythonPython Version3.15.0 Updatealpha3
PythonPython Version3.15.0 Updatealpha4
PythonPython Version3.15.0 Updatealpha5
PythonPython Version3.15.0 Updatealpha6
PythonPython Version3.15.0 Updatealpha7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.62% 0.45
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cna@python.org 6 0 0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-674 Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a
Patch
https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3
Patch
https://github.com/python/cpython/commit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768
Patch
https://github.com/python/cpython/issues/145986
Issue Tracking
https://github.com/python/cpython/pull/145987
Patch
https://mail.python.org/archives/list/security-announce@python.org/thread/5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R/
Third Party Advisory
http://www.openwall.com/lists/oss-security/2026/03/16/4
Third Party Advisory
Mailing List
https://github.com/python/cpython/commit/642865ddf4b232da1f3b1f7abcfa3254c4bfe785
Patch
https://github.com/python/cpython/commit/af856a7177326ac25d9f66cc6dd28b554d914fee
Patch