CVE-2013-7338
Description
Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function.
Risk Information
Base Score
7.5
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
5.918
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities affected in Python 3.3.4 | Windows |
| Multiple vulnerabilities are fixed in OS X Yosemite 10.10.5 Update | Mac |
| Multiple vulnerabilities are fixed in OS X Yosemite 10.10.5 Combo Update | Mac |
| Multiple Vulnerabilities are affected in Python for MAC 3.3.0 | Mac |
| Multiple Vulnerabilities are affected in Python for MAC 3.3.1 | Mac |
| Multiple Vulnerabilities are affected in Python for MAC 3.3.2 | Mac |
| Multiple Vulnerabilities are affected in Python for MAC 3.3.3 | Mac |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-600354 | OS X Yosemite 10.10.5 Update |
| PATCH-600458 | OS X Yosemite 10.10.5 Combo Update |
| PATCH-611773 | Python for MAC 3.13.7 |
| PATCH-611773 | Python for MAC 3.13.7 |
| PATCH-611773 | Python for MAC 3.13.7 |
| PATCH-611773 | Python for MAC 3.13.7 |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234