A flaw was found in the way Python's zipfile module processed malformed ZIP files. Processing a malicious ZIP file could lead to 100% CPU usage. This would be an issue if you are running a web service that accepts and processes ZIP files from untrusted sources.
At least Python 3 is affected. It is not yet known if older versions (such as version 2.7) are affected.
Upstream fix: http://hg.python.org/cpython/rev/79ea4ce431b1
Original report: http://bugs.python.org/issue20078
CVE request: http://seclists.org/oss-sec/2014/q1/592
Created python3 tracking bugs for this issue:
Affects: fedora-all [bug 1078015]
MITRE assigned CVE-2013-7338 to this issue:
This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 5, 6 and 7.
python3-3.3.2-19.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
python3-3.3.2-11.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.