CVE-2022-48564

MEDIUM6.5EPSS 0.11%

Published: 8/22/2023Modified: 4/28/2026

Description

read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.

Affected packages (5)

Bitnami/libpythonfrom 0, < 3.6.13, >= 3.7.0, < 3.7.10, >= 3.8.0, < 3.8.7, >= 3.9.0, < 3.9.1
Bitnami/pythonfrom 0, < 3.6.13, >= 3.7.0, < 3.7.10, >= 3.8.0, < 3.8.7, >= 3.9.0, < 3.9.1
Bitnami/python-minfrom 0, < 3.6.13, >= 3.7.0, < 3.7.10, >= 3.8.0, < 3.8.7, >= 3.9.0, < 3.9.1
Debian/pypy3from 0, < 7.3.5+dfsg-2
Debian/python3.9from 0, < 3.9.1~rc1-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References (5)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2022-48564
WEBhttps://bugs.python.org/issue42103
WEBhttps://lists.debian.org/debian-lts-announce/2023/10/msg00017.html
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2022-48564
WEBhttps://security.netapp.com/advisory/ntap-20230929-0009/