[arch-security] [python] CVE-2013-7338 ZipExtFile.read goes into 100% CPU infinite loop on maliciously binary edited zips

19 Mar 2014

      Greetings.

CVE-2013-7338 has been assigned to python issue 20078.
"zipfile - ZipExtFile.read goes into 100% CPU infinite loop on maliciously
binary edited zips ". [0]

This issue is not resolved in Python 3.4.0[1].

An upstream fix is available. [2]

FS39540 has been filed with "Resolution=patch". [3]

[0] http://bugs.python.org/issue20078
[1] http://docs.python.org/3.4/whatsnew/3.4.html
[2] http://hg.python.org/cpython/rev/79ea4ce431b1
[3] https://bugs.archlinux.org/task/39540

BW

[arch-security] [python] CVE-2013-7338 ZipExtFile.read goes into 100% CPU infinite loop on maliciously binary edited zips

Billy McCann