CVE-2013-7338

Published: Apr 22, 2014Modified: May 6, 2026

7.1

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability: 8.6 / Impact: 6.9

Source: NVD

Description

Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function.

Affected (17)

Products: Python: Python · Apple: Mac Os X

1 product

1 product

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Python Python	Version 3.3.0
Python Python	Version 3.3.0 alpha1
Python Python	Version 3.3.0 alpha2
Python Python	Version 3.3.0 alpha3
Python Python	Version 3.3.0 alpha4
Python Python	Version 3.3.0 beta1
Python Python	Version 3.3.0 beta2
Python Python	Version 3.3.0 rc1
Python Python	Version 3.3.0 rc2
Python Python	Version 3.3.0 rc3
Python Python	Version 3.3.1
Python Python	Version 3.3.1 rc1
Python Python	Version 3.3.2
Python Python	Version 3.3.3
Python Python	Version 3.3.3 rc1
Python Python	Version 3.3.3 rc2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	Up to 10.10.4

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (22)

http://bugs.python.org/issue20078

Source: cve@mitre.org

ExploitPatchVendor Advisory

http://hg.python.org/cpython/rev/79ea4ce431b1

Source: cve@mitre.org

ExploitPatchVendor Advisory

http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

Source: cve@mitre.org

Mailing List

http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://seclists.org/oss-sec/2014/q1/592

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://seclists.org/oss-sec/2014/q1/595

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/65179

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1029973

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://docs.python.org/3.3/whatsnew/changelog.html

Source: cve@mitre.org

Vendor Advisory

https://security.gentoo.org/glsa/201503-10

Source: cve@mitre.org

Third Party Advisory

https://support.apple.com/kb/HT205031

Source: cve@mitre.org

PatchVendor Advisory

http://bugs.python.org/issue20078

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

http://hg.python.org/cpython/rev/79ea4ce431b1

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://seclists.org/oss-sec/2014/q1/592

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://seclists.org/oss-sec/2014/q1/595

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/65179

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1029973

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://docs.python.org/3.3/whatsnew/changelog.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://security.gentoo.org/glsa/201503-10

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.apple.com/kb/HT205031

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.