Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2013-7338

Published: 22 April 2014

Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function.

Notes

AuthorNote
mdeslaur 
looks like it was introduced in python 3.3:
http://hg.python.org/cpython/rev/028e8e0b03e8

Priority

Low

Status

Package Release Status
python2.6
Launchpad, Ubuntu, Debian 		lucid Not vulnerable

precise Does not exist

quantal Does not exist

saucy Does not exist

trusty Does not exist

upstream Needs triage

utopic Does not exist

python2.7
Launchpad, Ubuntu, Debian 		lucid Does not exist

precise Not vulnerable

quantal Not vulnerable

saucy Not vulnerable

trusty Not vulnerable

upstream Needs triage

utopic Not vulnerable

python3.1
Launchpad, Ubuntu, Debian 		lucid Ignored
(reached end-of-life)
precise Does not exist

quantal Does not exist

saucy Does not exist

trusty Does not exist

upstream Needs triage

utopic Does not exist

python3.2
Launchpad, Ubuntu, Debian 		lucid Does not exist

precise Not vulnerable

quantal Not vulnerable

saucy Does not exist

trusty Does not exist

upstream Needs triage

utopic Does not exist

python3.3
Launchpad, Ubuntu, Debian 		lucid Does not exist

precise Does not exist

quantal Ignored
(reached end-of-life)
saucy Ignored
(reached end-of-life)
trusty Does not exist

upstream
Released (3.3.4-1)
utopic Does not exist

Patches:
upstream: http://hg.python.org/cpython/rev/0cf1defd5ac4/
python3.4
Launchpad, Ubuntu, Debian 		lucid Does not exist

precise Does not exist

quantal Does not exist

saucy Does not exist

trusty Not vulnerable
(3.4~rc3-0ubuntu1)
upstream
Released (3.4~b3-1)
utopic Not vulnerable
(3.4~rc3-0ubuntu1)

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading