[arch-security] [python] CVE-2013-7338 ZipExtFile.read goes into 100% CPU infinite loop on maliciously binary edited zips
Greetings. CVE-2013-7338 has been assigned to python issue 20078. "zipfile - ZipExtFile.read goes into 100% CPU infinite loop on maliciously binary edited zips ". [0] This issue is not resolved in Python 3.4.0[1]. An upstream fix is available. [2] FS39540 has been filed with "Resolution=patch". [3] [0] http://bugs.python.org/issue20078 [1] http://docs.python.org/3.4/whatsnew/3.4.html [2] http://hg.python.org/cpython/rev/79ea4ce431b1 [3] https://bugs.archlinux.org/task/39540 BW
This issue was fixed in Python 3.4 beta3 released 2014-01-26, it turns out. [0] [0] http://docs.python.org/3/whatsnew/changelog.html#python-3-4-0-beta-3 -- Billy Wayne McCann, Ph.D. <https://plus.google.com/+BillyWayneMcCann> irc://irc.freenode.net:bwayne "A rich man will always desire what his wealth cannot acquire." ~ Faust (Goethe) On Wed, Mar 19, 2014 at 11:52 AM, Billy McCann <thebillywayne@gmail.com>wrote:
Greetings.
CVE-2013-7338 has been assigned to python issue 20078. "zipfile - ZipExtFile.read goes into 100% CPU infinite loop on maliciously binary edited zips ". [0]
This issue is not resolved in Python 3.4.0[1].
An upstream fix is available. [2]
FS39540 has been filed with "Resolution=patch". [3]
[0] http://bugs.python.org/issue20078 [1] http://docs.python.org/3.4/whatsnew/3.4.html [2] http://hg.python.org/cpython/rev/79ea4ce431b1 [3] https://bugs.archlinux.org/task/39540
BW
participants (1)
-
Billy McCann