CNNVD-202512-050 Information

CNNVD ID

CNNVD-202512-050

CVE-2025-13837

  • CNNVD Published: 2025-12-01

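Description (translated from Chinese)

CPython is a Python interpreter implemented in C by the Python Foundation. CPython has a security vulnerability that stems from the plistlib module not limiting the size of data it reads, which may allow a malicious file to cause memory exhaustion and denial of service.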

Description (English)

CPython is the Python Foundation's Python interpreter, implemented in C. CPython contains a security vulnerability: the plistlib module does not limit the size of data it reads, so a malicious file may cause memory exhaustion and denial of service.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Python

Published

2025-12-01

Last Modified

2026-02-24

References

  • https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb
  • https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70
  • https://github.com/python/cpython/pull/119343
  • https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba
  • https://github.com/python/cpython/issues/119342
  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13837
  • https://vigilance.fr/vulnerability/Python-Core-denial-of-service-via-Plist-Loading-48924

Patch

https://github.com/python/cpython/tags
