Your submission was sent successfully! Close

CVE-2013-7338

Published: 22 April 2014

Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function.

Notes

AuthorNote
mdeslaur
looks like it was introduced in python 3.3:
http://hg.python.org/cpython/rev/028e8e0b03e8
Priority

Low

Status

Package Release Status
python2.6
Launchpad, Ubuntu, Debian
lucid Not vulnerable

precise Does not exist

quantal Does not exist

saucy Does not exist

trusty Does not exist

upstream Needs triage

utopic Does not exist

python2.7
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Not vulnerable

quantal Not vulnerable

saucy Not vulnerable

trusty Not vulnerable

upstream Needs triage

utopic Not vulnerable

python3.1
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise Does not exist

quantal Does not exist

saucy Does not exist

trusty Does not exist

upstream Needs triage

utopic Does not exist

python3.2
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Not vulnerable

quantal Not vulnerable

saucy Does not exist

trusty Does not exist

upstream Needs triage

utopic Does not exist

python3.3
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

quantal Ignored
(reached end-of-life)
saucy Ignored
(reached end-of-life)
trusty Does not exist

upstream
Released (3.3.4-1)
utopic Does not exist

Patches:
upstream: http://hg.python.org/cpython/rev/0cf1defd5ac4/
python3.4
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

quantal Does not exist

saucy Does not exist

trusty Not vulnerable
(3.4~rc3-0ubuntu1)
upstream
Released (3.4~b3-1)
utopic Not vulnerable
(3.4~rc3-0ubuntu1)