[arch-security] [python] CVE-2013-7338 ZipExtFile.read goes into 100% CPU infinite loop on maliciously binary edited zips

Billy McCann thebillywayne at gmail.com
Wed Mar 19 11:52:13 EDT 2014


Greetings.

CVE-2013-7338 has been assigned to Python issue 20078,
"zipfile - ZipExtFile.read goes into 100% CPU infinite loop on maliciously
binary edited zips". [0]

This issue is not resolved in Python 3.4.0[1].

An upstream fix is available. [2]

FS39540 has been filed with "Resolution=patch". [3]

[0] http://bugs.python.org/issue20078
[1] http://docs.python.org/3.4/whatsnew/3.4.html
[2] http://hg.python.org/cpython/rev/79ea4ce431b1
[3] https://bugs.archlinux.org/task/39540

BW