Python is vulnerable to denial of service (DoS). The vulnerability is caused by an integer overflow in Modules/_pickle.c, which allows memory exhaustion when serializing gigabytes of data.
lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
access.redhat.com/errata/RHSA-2019:3725
access.redhat.com/security/updates/classification/#moderate
bugs.python.org/issue34656
bugzilla.redhat.com/show_bug.cgi?id=1709344
bugzilla.redhat.com/show_bug.cgi?id=1749103
github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd
lists.debian.org/debian-lts-announce/2019/02/msg00011.html
lists.debian.org/debian-lts-announce/2020/07/msg00011.html
lists.fedoraproject.org/archives/list/[email protected]/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/
lists.fedoraproject.org/archives/list/[email protected]/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/
lists.fedoraproject.org/archives/list/[email protected]/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/
lists.fedoraproject.org/archives/list/[email protected]/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/
lists.fedoraproject.org/archives/list/[email protected]/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/
lists.fedoraproject.org/archives/list/[email protected]/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/
security.netapp.com/advisory/ntap-20190416-0010/
usn.ubuntu.com/4127-1/
usn.ubuntu.com/4127-2/