CNNVD-202510-915 Information

CNNVD ID

CNNVD-202510-915

CVE-2025-8291

  • CNNVD Published: 2025-10-07

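Description (translated from Chinese)

Python is an open-source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. Python contains a security vulnerability that stems from not validating the offset value of the ZIP64 EOCD locator record, which may lead to inconsistent processing of ZIP archives.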

Description (English)

Python is an open-source, object-oriented programming language from the Python Foundation. It is extensible, supports modules and packages, and runs on multiple platforms. Python has a security vulnerability caused by a failure to validate the offset value in the ZIP64 EOCD locator record, which may lead to inconsistent processing of ZIP archives.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Python

Published

2025-10-07

Last Modified

2026-02-24

References

  • https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/
  • https://github.com/python/cpython/pull/139702
  • https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267
  • https://github.com/python/cpython/issues/139700
  • https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6
  • https://vigilance.fr/vulnerability/Python-Core-zipfile-directory-traversal-via-ZIP64-End-of-Central-Directory-48409
