Bug 2373234 (CVE-2025-6069)
| Summary: | CVE-2025-6069 cpython: Python HTMLParser quadratic complexity | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | bbrownin, dfreiber, drow, jburrell, ljawale, luizcosta, nweather, rbobbitt, teagle, vkumar |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A denial-of-service (DoS) vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2373252, 2373236, 2373237, 2373238, 2373240, 2373241, 2373242, 2373243, 2373244, 2373245, 2373246, 2373247, 2373248, 2373249, 2373250, 2373251, 2373253 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2025-06-17 16:12:16 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:23530 https://access.redhat.com/errata/RHSA-2025:23530 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:23342 https://access.redhat.com/errata/RHSA-2025:23342 |