Description

Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function.

Remediation

References

CVE-2013-7338

Related Vulnerabilities

WordPress Plugin MSMC-Redirect After Comment Multiple Vulnerabilities (2.1.2)

WordPress Plugin LittleBot ACH for Stripe + Plaid Unspecified Vulnerability (1.2.6)

phpBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-1432)

MySQL CVE-2018-3143 Vulnerability (CVE-2018-3143)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2019-9637)

Severity

High

Classification

CVE-2013-7338 CWE-20

Tags

Missing Update Known Vulnerabilities