projects / python3.9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3228db0) | patch
[3.13] gh-119342: Fix a potential denial of service in plistlib (GH-119343) (GH-142144)
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Mon, 1 Dec 2025 15:50:28 +0000 (16:50 +0100)
committerAndrej Shadura <andrewsh@debian.org>
Sun, 25 Jan 2026 13:37:52 +0000 (14:37 +0100)
commitd20f8ee1feb84cf4946dd6734803a3b0bfd55711
treee6c832d98c265d7494abc8734b9bff37de7482d3tree | snapshot
parent3228db0b983c06dcb283476ffff6b4db3c3bcff2commit | diff
[3.13] gh-119342: Fix a potential denial of service in plistlib (GH-119343) (GH-142144)

Reading a specially prepared small Plist file could cause OOM because file's
read(n) preallocates a bytes object for reading the specified amount of
data. Now plistlib reads large data by chunks, therefore the upper limit of
consumed memory is proportional to the size of the input file.
(cherry picked from commit 694922cf40aa3a28f898b5f5ee08b71b4922df70)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Origin: backport, https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba

Gbp-Pq: Name CVE-2025-13837.patch
Lib/plistlib.py diff | blob | history
Lib/test/test_plistlib.py diff | blob | history
Misc/NEWS.d/next/Security/2024-05-21-22-11-31.gh-issue-119342.BTFj4Z.rst [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.