There is a HIGH severity vulnerability affecting the CPython "zipfile" module. When iterating over names of entries in a zip archive (for example, methods of "zipfile.ZipFile" like "namelist()", "iterdir()", "extractall()", etc.) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.
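For services that must read user-controlled archives before the fixed packages are installed, the sketch below runs the name listing in a separate interpreter with a wall-clock limit, so a hang costs one killed child process rather than a stuck worker. It is an added example, not part of the bug report or of CPython; `run_bounded`, `list_zip_names`, `ArchiveRejected` and `make_sample_zip` are hypothetical names, and the sample archive is constructed and benign.

```python
import json
import os
import subprocess
import sys
import tempfile
import zipfile

# Child program: list entry names as JSON. It runs in its own interpreter,
# so a hang is confined to a process the parent can kill.
LIST_NAMES_CHILD = (
    "import json, sys, zipfile\n"
    "with zipfile.ZipFile(sys.argv[1]) as zf:\n"
    "    json.dump(zf.namelist(), sys.stdout)\n"
)

class ArchiveRejected(Exception):
    """The archive was not processed within the allowed bounds."""

def run_bounded(child_source, archive_path, timeout_s=5.0):
    """Run child_source on archive_path with a wall-clock limit."""
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", child_source, str(archive_path)],
            capture_output=True, text=True, timeout=timeout_s,
        )
    except subprocess.TimeoutExpired as exc:
        # subprocess.run() kills the child before re-raising.
        raise ArchiveRejected(f"no result after {timeout_s}s") from exc
    if proc.returncode != 0:
        raise ArchiveRejected(f"child exited with {proc.returncode}")
    return json.loads(proc.stdout)

def list_zip_names(archive_path, timeout_s=5.0):
    """Entry names of an untrusted archive, or ArchiveRejected."""
    return run_bounded(LIST_NAMES_CHILD, archive_path, timeout_s)

def make_sample_zip(directory):
    """Constructed, benign archive used only to exercise the wrapper."""
    path = os.path.join(directory, "sample.zip")
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("docs/readme.txt", "hello")
        zf.writestr("data.bin", b"\x00\x01")
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(list_zip_names(make_sample_zip(tmp)))
```

The same wrapper applies to the other calls named in the description by swapping the child program; it bounds the impact of the hang and does not replace installing the updated packages.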
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:5962 https://access.redhat.com/errata/RHSA-2024:5962
FEDORA-2024-e887a10dee (python3.13-3.13.0~rc2-1.fc40) has been pushed to the Fedora 40 stable repository. If the problem still persists, please make note of it in this bug report.
FEDORA-2024-f2fc325c40 (python3.13-3.13.0~rc2-1.fc39) has been pushed to the Fedora 39 stable repository. If the problem still persists, please make note of it in this bug report.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:6961 https://access.redhat.com/errata/RHSA-2024:6961
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:6962 https://access.redhat.com/errata/RHSA-2024:6962