CVE-2013-7338
EUVD-2013-711122.04.2014, 14:23
Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| python | python | 3.3.0 |
| python | python | 3.3.0:alpha1 |
| python | python | 3.3.0:alpha2 |
| python | python | 3.3.0:alpha3 |
| python | python | 3.3.0:alpha4 |
| python | python | 3.3.0:beta1 |
| python | python | 3.3.0:beta2 |
| python | python | 3.3.0:rc1 |
| python | python | 3.3.0:rc2 |
| python | python | 3.3.0:rc3 |
| python | python | 3.3.1 |
| python | python | 3.3.1:rc1 |
| python | python | 3.3.2 |
| python | python | 3.3.3 |
| python | python | 3.3.3:rc1 |
| python | python | 3.3.3:rc2 |
| apple | mac_os_x | 𝑥 ≤ 10.10.4 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| python2.6 |
| ||||||||||
| python2.7 |
| ||||||||||
| python3.1 |
| ||||||||||
| python3.2 |
| ||||||||||
| python3.3 |
| ||||||||||
| python3.4 |
|
Common Weakness Enumeration
References