zipfile DoS using invalid file size

Warning

This resource is maintained for historical reference and does not contain the latest vulnerability info for Python.

The canonical database for vulnerabilities affecting Python is available on GitHub in the Open Source Vulnerability (OSV) format. This vulnerability can be viewed online at the Open Source Vulnerability Database.

Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the functions:

• ZipExtFile.read()

• ZipExtFile.readlines()

• ZipFile.extract()

• ZipFile.extractall()

Reading malformed zipfiles no longer hangs with 100% CPU consumption.

Python 2.7 is not affected.

Dates:

• Disclosure date: 2013-12-27 (Python issue bpo-20078 reported)

Fixed In

• Python 3.3.4 (2014-02-09) fixed by commit 5ce3f10 (branch 3.3) (2014-01-09)

• Python 3.4.0 (2014-03-16) fixed by commit 5ce3f10 (branch 3.3) (2014-01-09)

Python issue

zipfile - ZipExtFile.read goes into 100% CPU infinite loop on maliciously binary edited zips.

• Python issue: bpo-20078

• Creation date: 2013-12-27

• Reporter: Nandiya

CVE-2013-7338

Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function.

• CVE ID: CVE-2013-7338

• Published: 2014-04-22

• CVSS Score: 7.1

Timeline

Timeline using the disclosure date 2013-12-27 as reference:

• 2013-12-27: Python issue bpo-20078 reported by Nandiya

• 2014-01-09 (+13 days): commit 5ce3f10 (branch 3.3)

• 2014-02-09 (+44 days): Python 3.3.4 released

• 2014-03-16: Python 3.4.0 released

• 2014-04-22 (+116 days): CVE-2013-7338 published