CVE-2013-1753: xmlrpc gzip unlimited read

Add a default limit for the amount of data xmlrpclib.gzip_decode() will return.

  • Disclosure date: 2012-09-25 (Python issue bpo-16043 reported)
  • Red Hat impact: Moderate
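
A sketch of the kind of limit described above, as an added example that is not the CPython patch itself: the decoder asks for one byte more than the cap, so an oversized body is detected without inflating the rest of the stream. The names `bounded_gzip_decode`, `MAX_DECODE` and `demo`, the 1 MiB cap, and the sample payloads are assumptions made for this illustration.

```python
import gzip
import io
import zlib

# Assumed cap for this example only; size it to the largest legitimate request.
MAX_DECODE = 1 * 1024 * 1024


def bounded_gzip_decode(data: bytes, max_decode: int = MAX_DECODE) -> bytes:
    """Decompress a gzip body, refusing to return more than max_decode bytes."""
    if max_decode < 0:
        raise ValueError("max_decode must be non-negative")
    with gzip.GzipFile(mode="rb", fileobj=io.BytesIO(data)) as gzf:
        try:
            # Request one byte past the cap: receiving it proves the body is
            # too large, and the remainder of the stream is never inflated.
            decoded = gzf.read(max_decode + 1)
        except (OSError, EOFError, zlib.error) as exc:
            raise ValueError("invalid gzip data") from exc
    if len(decoded) > max_decode:
        raise ValueError("decoded payload exceeds %d bytes" % max_decode)
    return decoded


def demo() -> dict:
    # Constructed sample inputs: a small XML-RPC call, and a highly
    # compressible body that inflates to eight times the cap.
    small = gzip.compress(b"<methodCall><methodName>ping</methodName></methodCall>")
    oversized = gzip.compress(b"\x00" * (8 * MAX_DECODE))
    result = {
        "small_ok": bounded_gzip_decode(small).startswith(b"<methodCall>"),
        "oversized_wire_bytes": len(oversized),
    }
    try:
        bounded_gzip_decode(oversized)
        result["oversized_rejected"] = False
    except ValueError:
        result["oversized_rejected"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

The on-the-wire size of the oversized body stays far below the cap, which is why the limit has to be applied to the decoded length and not to the request size.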

Fixed In

Python issue

xmlrpc: gzip_decode has unlimited read().

  • Python issue: bpo-16043
  • Creation date: 2012-09-25
  • Reporter: Christian Heimes

Timeline

Timeline using the disclosure date 2012-09-25 as reference: