Denial Of Service (DoS)

2023-08-3022:31:02

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

python3.9

dos

plistlib

vulnerability

remote attacker

plist file

cpu

memory

resources

denial-of-service

attack

software

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

24.1%

JSON

python3.9 is vulnerable to Denial of Service (DoS) attacks. This vulnerability exists due to a flaw in the way the plistlib module parses certain Apple Property List (plist) files in binary format. A remote attacker can exploit this vulnerability by sending a specially crafted plist file, which could cause the Python interpreter to use excessive CPU and memory resources, leading to a denial-of-service attack.

CPENameOperatorVersion
python3.9:bullseyeeq3.9.0-5
python3.7:bustereq3.7.3-2+deb10u3
python3.7:bustereq3.7.3-2+deb10u2
python3.9:bullseyeeq3.9.0-5
python3.7:bustereq3.7.3-2+deb10u3
python3.7:bustereq3.7.3-2+deb10u2
pypy3:bullseyeeq7.3.3+dfsg-1
pypy3:sideq7.3.3+dfsg-1

Name	Operator	Version
python3.9:bullseye	eq	3.9.0-5
python3.7:buster	eq	3.7.3-2+deb10u3
python3.7:buster	eq	3.7.3-2+deb10u2
python3.9:bullseye	eq	3.9.0-5
python3.7:buster	eq	3.7.3-2+deb10u3
python3.7:buster	eq	3.7.3-2+deb10u2
pypy3:bullseye	eq	7.3.3+dfsg-1
pypy3:sid	eq	7.3.3+dfsg-1