DescriptionMurray McAllister
2014-03-19 05:27:38 UTC
A flaw was found in the way Python's zipfile module processed malformed ZIP files. Processing a malicious ZIP file could lead to 100% CPU usage. This would be an issue if you are running a web service that accepts and processes ZIP files from untrusted sources.
At least Python 3 is affected. It is not yet known if older versions (such as version 2.7) are affected.
Upstream fix: http://hg.python.org/cpython/rev/79ea4ce431b1
Original report: http://bugs.python.org/issue20078
CVE request: http://seclists.org/oss-sec/2014/q1/592
Comment 1Murray McAllister
2014-03-19 05:31:37 UTC
Created python3 tracking bugs for this issue:
Affects: fedora-all [bug 1078015]