CVE-2013-1753

The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
pythonpython
2.7.0 ≤
𝑥
< 2.7.9
pythonpython
3.2.0 ≤
𝑥
< 3.2.6
pythonpython
3.3.0 ≤
𝑥
< 3.3.6
pythonpython
3.4.0 ≤
𝑥
< 3.4.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
python2.7
bullseye
2.7.18-8+deb11u1
fixed
jessie
postponed
squeeze
no-dsa
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python2.7
vivid
not-affected
utopic
Fixed 2.7.8-10ubuntu1.1
released
trusty
Fixed 2.7.6-8ubuntu0.2
released
precise
Fixed 2.7.3-0ubuntu3.8
released
python3.2
vivid
dne
utopic
dne
trusty
dne
precise
Fixed 3.2.3-0ubuntu3.7
released
python3.4
vivid
not-affected
utopic
Fixed 3.4.2-1ubuntu0.1
released
trusty
Fixed 3.4.0-2ubuntu1.1
released
precise
dne
References
https://bugs.python.org/issue16043
https://bugs.python.org/issue16043