Warning
This resource is maintained for historical reference and does not contain the latest vulnerability info for Python.
The canonical database for vulnerabilities affecting Python is available on GitHub in the Open Source Vulnerability (OSV) format. This vulnerability can be viewed online at the Open Source Vulnerability Database.
Add a default limit for the amount of data xmlrpclib.gzip_decode() will return.
Dates:
Disclosure date: 2012-09-25 (Python issue bpo-16043 reported)
Red Hat impact: Moderate
Python 2.7.9 (2014-12-10) fixed by commit 9e8f523 (branch 2.7) (2014-12-06)
Python 3.3.7 (2017-09-19) fixed by commit 4e9cefa (branch 3.2) (2014-12-06)
Python 3.4.3 (2015-02-25) fixed by commit 4e9cefa (branch 3.2) (2014-12-06)
Python 3.5.0 (2015-09-12) fixed by commit 4e9cefa (branch 3.2) (2014-12-06)
xmlrpc: gzip_decode has unlimited read().
Python issue: bpo-16043
Creation date: 2012-09-25
Reporter: Christian Heimes
The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.
CVE ID: CVE-2013-1753
Published: 2020-03-11
CVSS Score: 5.0
Timeline using the disclosure date 2012-09-25 as reference:
2012-09-25: Python issue bpo-16043 reported by Christian Heimes
2014-12-06 (+802 days): commit 4e9cefa (branch 3.2)
2014-12-06 (+802 days): commit 9e8f523 (branch 2.7)
2014-12-10 (+806 days): Python 2.7.9 released
2015-02-25 (+883 days): Python 3.4.3 released
2015-09-12: Python 3.5.0 released
2017-09-19 (+1820 days): Python 3.3.7 released
2020-03-11 (+2724 days): CVE-2013-1753 published
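The fix summarized above caps how much data gzip_decode() will inflate from a request body. The sketch below is an added example, not code from CPython or from this advisory: it shows one way to enforce such a cap and checks the same inputs against the max_decode keyword of the patched xmlrpc.client.gzip_decode(). MAX_DECODE, bounded_gzip_decode, stdlib_accepts and both sample payloads are assumptions constructed for illustration.

```python
import gzip
import xmlrpc.client
import zlib

# Assumed cap for this example; size it to the largest legitimate request.
MAX_DECODE = 1024 * 1024


def bounded_gzip_decode(data, max_decode=MAX_DECODE):
    """Inflate a gzip body, refusing to return more than max_decode bytes."""
    # 16 + MAX_WBITS makes zlib expect a gzip header and trailer.
    inflater = zlib.decompressobj(16 + zlib.MAX_WBITS)
    try:
        # Ask for one byte past the cap: enough to detect an oversized body
        # without inflating the rest of the stream into memory.
        decoded = inflater.decompress(data, max_decode + 1)
    except zlib.error as exc:
        raise ValueError("invalid gzip data") from exc
    if len(decoded) > max_decode:
        raise ValueError("max gzip payload length exceeded")
    if not inflater.eof:
        raise ValueError("truncated gzip data")
    return decoded


def stdlib_accepts(data, limit):
    """Return True if the patched xmlrpc.client.gzip_decode() accepts data."""
    try:
        xmlrpc.client.gzip_decode(data, max_decode=limit)
        return True
    except ValueError:
        return False


# Constructed inputs: a small XML-RPC-like body and a highly compressible one.
SMALL_BODY = b"<methodCall><methodName>ping</methodName></methodCall>"
SMALL = gzip.compress(SMALL_BODY)
OVERSIZED = gzip.compress(b"\0" * (4 * MAX_DECODE))

if __name__ == "__main__":
    print("small body decodes to", len(bounded_gzip_decode(SMALL)), "bytes")
    print("oversized body is", len(OVERSIZED), "bytes on the wire")
    try:
        bounded_gzip_decode(OVERSIZED)
    except ValueError as exc:
        print("oversized body rejected:", exc)
    print("stdlib accepts oversized body:", stdlib_accepts(OVERSIZED, MAX_DECODE))
```

The check on compressed size alone would not catch the second payload, which is why the limit has to be applied to the decoded output.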