CNNVD-202601-3361 Information

CNNVD ID

CNNVD-202601-3361

Related CVE

CVE-2025-12781

• CNNVD Published: 2026-01-21

Description (Chinese)

CPython是Python基金会的一个用C语言实现的Python解释器。 CPython存在安全漏洞，该漏洞源于b64decode、standard_b64decode和urlsafe_b64decode函数始终接受+和/字符，可能导致数据完整性问题。

Description (English)

CPython is a Python interpreter for the Python Foundation in the C language. CPython has a security loophole, which stems from the acceptance of + and/or characters at all times by the b64decode, standard b64decode and urlsfe b64decode functions, which may lead to data integrity problems.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

Python

Published

2026-01-21

Last Modified

2026-02-24

References

https://github.com/python/cpython/issues/125346 https://github.com/python/cpython/pull/141128 https://mail.python.org/archives/list/security-announce@python.org/thread/KRI7GC6S27YV5NJ4FPDALS2WI5ENAFJ6/

Patch

https://github.com/python/cpython/tags