projects / python3.9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 31f5896) | patch
[3.13] gh-119342: Fix a potential denial of service in plistlib (GH-119343) (GH-142144)
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Mon, 1 Dec 2025 15:50:28 +0000 (16:50 +0100)
committerRaspbian forward porter <root@raspbian.org>
Sat, 24 Jan 2026 09:41:14 +0000 (09:41 +0000)
commit5f73a466d80a58264de879ceb119634b582fef4c
tree1e5d078e3d4364dcc3413385c3cb6881aafda849tree | snapshot
parent31f589678fe9c5159846ae3456f97ce808b3abfbcommit | diff
[3.13] gh-119342: Fix a potential denial of service in plistlib (GH-119343) (GH-142144)

Reading a specially prepared small Plist file could cause OOM because file's
read(n) preallocates a bytes object for reading the specified amount of
data. Now plistlib reads large data by chunks, therefore the upper limit of
consumed memory is proportional to the size of the input file.
(cherry picked from commit 694922cf40aa3a28f898b5f5ee08b71b4922df70)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Origin: backport, https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba

Gbp-Pq: Name CVE-2025-13837.patch
Lib/plistlib.py diff | blob | history
Lib/test/test_plistlib.py diff | blob | history
Misc/NEWS.d/next/Security/2024-05-21-22-11-31.gh-issue-119342.BTFj4Z.rst [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.