CVE-2013-7338
Published: 22 April 2014
Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function.
Notes
| Author | Note |
|---|---|
| mdeslaur | looks like it was introduced in python 3.3: http://hg.python.org/cpython/rev/028e8e0b03e8 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
python2.6 Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
python2.7 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Not vulnerable
|
|
| quantal |
Not vulnerable
|
|
| saucy |
Not vulnerable
|
|
| trusty |
Not vulnerable
|
|
| upstream |
Needs triage
|
|
|
python3.1 Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
python3.2 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Not vulnerable
|
|
| quantal |
Not vulnerable
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
python3.3 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Does not exist
|
|
| quantal |
Ignored
(end of life)
|
|
| saucy |
Ignored
(end of life)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(3.3.4-1)
|
|
|
Patches: upstream: http://hg.python.org/cpython/rev/0cf1defd5ac4/ |
||
|
python3.4 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| saucy |
Does not exist
|
|
| trusty |
Not vulnerable
(3.4~rc3-0ubuntu1)
|
|
| upstream |
Released
(3.4~b3-1)
|
|