CVE-2013-7338

Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function.

Published: 2014-04-22 14:23
Updated: 2019-08-21 12:41

CVSS Score: 7.1 / 10
| Vendor | Product | Version | URI |
|--------|---------|---------|-----|
| Python | Python | 3.3.0 | cpe:/a:python:python:3.3.0:- |
| Python | Python | 3.3.0 | cpe:/a:python:python:3.3.0:alpha1 |
| Python | Python | 3.3.0 | cpe:/a:python:python:3.3.0:alpha2 |
| Python | Python | 3.3.0 | cpe:/a:python:python:3.3.0:alpha3 |
| Python | Python | 3.3.0 | cpe:/a:python:python:3.3.0:alpha4 |
| Python | Python | 3.3.0 | cpe:/a:python:python:3.3.0:beta1 |
| Python | Python | 3.3.0 | cpe:/a:python:python:3.3.0:beta2 |
| Python | Python | 3.3.0 | cpe:/a:python:python:3.3.0:rc1 |
| Python | Python | 3.3.0 | cpe:/a:python:python:3.3.0:rc2 |
| Python | Python | 3.3.0 | cpe:/a:python:python:3.3.0:rc3 |
| Python | Python | 3.3.1 | cpe:/a:python:python:3.3.1:- |
| Python | Python | 3.3.2 | cpe:/a:python:python:3.3.2 |
| Python | Python | 3.3.1 | cpe:/a:python:python:3.3.1:rc1 |
| Python | Python | 3.3.3 | cpe:/a:python:python:3.3.3 |
| Python | Python | 3.3.3 | cpe:/a:python:python:3.3.3:rc1 |
| Python | Python | 3.3.3 | cpe:/a:python:python:3.3.3:rc2 |
| Apple | Mac Os X | 10.10.4 | cpe:/o:apple:mac_os_x:10.10.4 |

CWE

| ID | Name | Description | Links |
|----|------|-------------|-------|
| CWE-20 | Improper Input Validation | The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program. | CVE |

History of changes

Date Event
2019-08-21 12:41
2017-07-01 05:29
2014-04-22 14:23

New CVE