Skip to content

Out-of-memory when loading a Plist #119342

New issue
New issue
Open
Open
Out-of-memory when loading a Plist#119342
Labels
3.10only security fixes3.11only security fixes3.12only security fixes3.13bugs and security fixes3.14new features, bugs and security fixes3.8 (EOL)end of life3.9only security fixestype-securityA security issue
@serhiy-storchaka

Description

@serhiy-storchaka
serhiy-storchaka
opened on May 21, 2024 · edited by bedevere-app

The plistlib module is vulnerable to OOM. It reads from the file the amount of data specified in the file (which can be up to 2**64 bytes), and both FileIO,read() and BufferedReader.read() preallocates the bytes object of the specified size. Specially prepared Plist file can be used to organize a DOS attack.

Linked PRs

Activity

serhiy-storchaka
added
type-securityA security issue
3.11only security fixes
3.10only security fixes
3.9only security fixes
3.8 (EOL)end of life
3.12only security fixes
3.13bugs and security fixes
3.14new features, bugs and security fixes
on May 21, 2024
serhiy-storchaka
added a commit that references this issue on May 21, 2024

pythongh-119342: Fix OOM vulnerability in plistlib

6969658
bedevere-app
mentioned this on May 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    3.10only security fixes3.11only security fixes3.12only security fixes3.13bugs and security fixes3.14new features, bugs and security fixes3.8 (EOL)end of life3.9only security fixestype-securityA security issue

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @serhiy-storchaka

        Issue actions
          Out-of-memory when loading a Plist · Issue #119342 · python/cpython