CVE-2013-7338
Published: 22 April 2014
Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function.
Notes
Author | Note |
---|---|
mdeslaur | looks like it was introduced in python 3.3: http://hg.python.org/cpython/rev/028e8e0b03e8 |
Priority
Status
Package | Release | Status |
---|---|---|
python2.6 Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
utopic |
Does not exist
|
|
python2.7 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
saucy |
Not vulnerable
|
|
trusty |
Not vulnerable
|
|
upstream |
Needs triage
|
|
utopic |
Not vulnerable
|
|
python3.1 Launchpad, Ubuntu, Debian |
lucid |
Ignored
(reached end-of-life)
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
utopic |
Does not exist
|
|
python3.2 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
utopic |
Does not exist
|
|
python3.3 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
quantal |
Ignored
(reached end-of-life)
|
|
saucy |
Ignored
(reached end-of-life)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(3.3.4-1)
|
|
utopic |
Does not exist
|
|
Patches: upstream: http://hg.python.org/cpython/rev/0cf1defd5ac4/ |
||
python3.4 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
saucy |
Does not exist
|
|
trusty |
Not vulnerable
(3.4~rc3-0ubuntu1)
|
|
upstream |
Released
(3.4~b3-1)
|
|
utopic |
Not vulnerable
(3.4~rc3-0ubuntu1)
|