2249750 – (CVE-2022-48564) CVE-2022-48564 python: DoS when processing malformed Apple Property List files in binary format

Bug 2249750 (CVE-2022-48564) - CVE-2022-48564 python: DoS when processing malformed Apple Property List files in binary format

Summary: CVE-2022-48564 python: DoS when processing malformed Apple Property List file...

Keywords:
Status:	NEW
Alias:	CVE-2022-48564
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2250587 2250588 2250589
Blocks:	2249765
TreeView+	depends on / blocked

Reported:	2023-11-15 07:28 UTC by TEJ RATHI
Modified:	2024-04-04 12:33 UTC (History)
CC List:	4 users (show)
Fixed In Version:	python 3.10.0, python 3.9.1, python 3.8.7, python 3.7.10, python 3.6.13
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2024:0114	None	None	None	2024-01-10 11:29:39 UTC
Red Hat Product Errata	RHSA-2024:0430	None	None	None	2024-01-24 16:49:40 UTC
Red Hat Product Errata	RHSA-2024:0586	None	None	None	2024-01-30 13:25:14 UTC

Description TEJ RATHI 2023-11-15 07:28:11 UTC

The Python's read_ints() in plistlib.py is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.

https://bugs.python.org/issue42103
https://github.com/python/cpython/issues/86269
https://github.com/python/cpython/commit/34637a0ce21e7261b952fbd9d006474cc29b681f (v3.10.0a2)
https://github.com/python/cpython/commit/e277cb76989958fdbc092bf0b2cb55c43e86610a (v3.9.1rc1)
https://github.com/python/cpython/commit/547d2bcc55e348043b2f338027c1acd9549ada76 (v3.8.7rc1)
https://github.com/python/cpython/commit/225e3659556616ad70186e7efc02baeebfeb5ec4 (v3.7.10)
https://github.com/python/cpython/commit/a63234c49b2fbfb6f0aca32525e525ce3d43b2b4 (v3.6.13)

Comment 4 Sandipan Roy 2023-11-20 05:25:15 UTC

Created python3.11 tracking bugs for this issue:

Affects: fedora-all [bug 2250587]


Created python3.12 tracking bugs for this issue:

Affects: fedora-all [bug 2250588]


Created python3.13 tracking bugs for this issue:

Affects: fedora-all [bug 2250589]

Comment 5 errata-xmlrpc 2024-01-10 11:29:38 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:0114 https://access.redhat.com/errata/RHSA-2024:0114

Comment 6 errata-xmlrpc 2024-01-24 16:49:39 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0430 https://access.redhat.com/errata/RHSA-2024:0430

Comment 7 errata-xmlrpc 2024-01-30 13:25:12 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:0586 https://access.redhat.com/errata/RHSA-2024:0586

Note You need to log in before you can comment on or make changes to this bug.