Python's read_ints() in plistlib.py is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.

https://bugs.python.org/issue42103
https://github.com/python/cpython/issues/86269
https://github.com/python/cpython/commit/34637a0ce21e7261b952fbd9d006474cc29b681f (v3.10.0a2)
https://github.com/python/cpython/commit/e277cb76989958fdbc092bf0b2cb55c43e86610a (v3.9.1rc1)
https://github.com/python/cpython/commit/547d2bcc55e348043b2f338027c1acd9549ada76 (v3.8.7rc1)
https://github.com/python/cpython/commit/225e3659556616ad70186e7efc02baeebfeb5ec4 (v3.7.10)
https://github.com/python/cpython/commit/a63234c49b2fbfb6f0aca32525e525ce3d43b2b4 (v3.6.13)

Created python3.11 tracking bugs for this issue:
Affects: fedora-all [bug 2250587]

Created python3.12 tracking bugs for this issue:
Affects: fedora-all [bug 2250588]

Created python3.13 tracking bugs for this issue:
Affects: fedora-all [bug 2250589]

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:0114 https://access.redhat.com/errata/RHSA-2024:0114

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.6 Extended Update Support
Via RHSA-2024:0430 https://access.redhat.com/errata/RHSA-2024:0430

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.8 Extended Update Support
Via RHSA-2024:0586 https://access.redhat.com/errata/RHSA-2024:0586