vulnerability
Oracle Linux: CVE-2022-48564: ELSA-2024-0114: python3 security update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | 2023-08-22 | 2024-01-11 | 2024-11-25 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
2023-08-22
Added
2024-01-11
Modified
2024-11-25
Description
read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.
A vulnerability was found in the Python core plistlib library within the read_ints() function in the plistlib.py file. In malformed input, the implementation can be manipulated to create an argument for struct.unpack(). This issue can lead to excessive CPU and memory consumption, resulting in a MemError, as it constructs the 'format' argument for unpack(). This flaw allows an attacker to employ a binary plist input, potentially executing a denial of service (DoS) attack by exhausting CPU and RAM resources.
A vulnerability was found in the Python core plistlib library within the read_ints() function in the plistlib.py file. In malformed input, the implementation can be manipulated to create an argument for struct.unpack(). This issue can lead to excessive CPU and memory consumption, resulting in a MemError, as it constructs the 'format' argument for unpack(). This flaw allows an attacker to employ a binary plist input, potentially executing a denial of service (DoS) attack by exhausting CPU and RAM resources.
Solution(s)
oracle-linux-upgrade-platform-pythonoracle-linux-upgrade-platform-python-debugoracle-linux-upgrade-platform-python-develoracle-linux-upgrade-python3-idleoracle-linux-upgrade-python3-libsoracle-linux-upgrade-python3-testoracle-linux-upgrade-python3-tkinter
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.