zipfile DoS using invalid file size
Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the functions:
- ZipExtFile.read()
- ZipExtFile.readlines()
- ZipFile.extract()
- ZipFile.extractall()
After the fix, reading malformed zipfiles no longer hangs with 100% CPU consumption.
Python 2.7 is not affected.
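The bug above was an inconsistency between the size a zip entry declares and the data actually present. The check below, added here as an example (not code from the advisory or from CPython; all names are the example's own), builds a small archive, tampers with the declared uncompressed size in its central directory, and flags entries whose declared file_size does not match the bytes that can really be read, counting bytes with bounded reads instead of trusting file_size for the stop condition.

```python
import io
import struct
import zipfile

CDH_SIG = b"PK\x01\x02"   # central directory file header signature
CDH_UNCOMP_OFF = 24       # offset of the 4-byte uncompressed size in that header


def build_archive(members):
    """Build a small deflated zip in memory from {name: bytes} (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def inflate_declared_size(archive, new_size):
    """Constructed malformed sample: overwrite the uncompressed size of the last
    central-directory entry so ZipInfo.file_size no longer matches the real data."""
    off = archive.rindex(CDH_SIG) + CDH_UNCOMP_OFF
    return archive[:off] + struct.pack("<I", new_size) + archive[off + 4:]


def check_archive(archive, max_total=64 * 1024 * 1024):
    """Return [(name, reason)] for entries whose declared sizes cannot be trusted.
    Reads stop when the compressed data ends (or exceeds the declaration), never
    when file_size says so, and declared sizes are budgeted up front."""
    problems = []
    total = 0
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            total += info.file_size
            if total > max_total:
                problems.append((info.filename, "declared size budget exceeded"))
                break
            if info.compress_type == zipfile.ZIP_STORED and info.file_size != info.compress_size:
                problems.append((info.filename, "stored entry: file_size != compress_size"))
                continue
            actual = 0
            try:
                with zf.open(info) as fh:
                    chunk = fh.read(65536)
                    while chunk and actual <= info.file_size:  # b'' once the data is exhausted
                        actual += len(chunk)
                        chunk = fh.read(65536)
            except zipfile.BadZipFile as exc:
                problems.append((info.filename, f"read failed: {exc}"))
                continue
            if actual != info.file_size:
                problems.append((info.filename, f"declared {info.file_size} bytes, got {actual}"))
    return problems
```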
Dates:
- Disclosure date: 2013-12-27 (Python issue bpo-20078 reported)
Fixed In
- Python 3.3.4 (2014-02-09) fixed by commit 5ce3f10 (branch 3.3) (2014-01-09)
- Python 3.4.0 (2014-03-16) fixed by commit 5ce3f10 (branch 3.3) (2014-01-09)
Python issue
zipfile - ZipExtFile.read goes into 100% CPU infinite loop on maliciously binary edited zips.
- Python issue: bpo-20078
- Creation date: 2013-12-27
- Reporter: Nandiya
CVE-2013-7338
Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function.
- CVE ID: CVE-2013-7338
- Published: 2014-04-22
- CVSS Score: 7.1
Timeline
Timeline using the disclosure date 2013-12-27 as reference:
- 2013-12-27: Python issue bpo-20078 reported by Nandiya
- 2014-01-09 (+13 days): commit 5ce3f10 (branch 3.3)
- 2014-02-09 (+44 days): Python 3.3.4 released
- 2014-03-16 (+79 days): Python 3.4.0 released
- 2014-04-22 (+116 days): CVE-2013-7338 published