CVE-2022-48564

描述

read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.

受影響套件(5)

• Bitnami/libpythonfrom 0, < 3.6.13, >= 3.7.0, < 3.7.10, >= 3.8.0, < 3.8.7, >= 3.9.0, < 3.9.1
• Bitnami/pythonfrom 0, < 3.6.13, >= 3.7.0, < 3.7.10, >= 3.8.0, < 3.8.7, >= 3.9.0, < 3.9.1
• Bitnami/python-minfrom 0, < 3.6.13, >= 3.7.0, < 3.7.10, >= 3.8.0, < 3.8.7, >= 3.9.0, < 3.9.1
• Debian/pypy3from 0, < 7.3.5+dfsg-2
• Debian/python3.9from 0, < 3.9.1~rc1-1

CVSS 分數

參考連結(5)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2022-48564
• WEBhttps://bugs.python.org/issue42103
• WEBhttps://lists.debian.org/debian-lts-announce/2023/10/msg00017.html
• WEBhttps://nvd.nist.gov/vuln/detail/CVE-2022-48564
• WEBhttps://security.netapp.com/advisory/ntap-20230929-0009/