Out-of-memory when loading a Plist #119342

Open
@serhiy-storchaka

The plistlib module is vulnerable to OOM. It reads from the file the amount of data specified in the file (which can be up to 2**64 bytes), and both FileIO.read() and BufferedReader.read() preallocate the bytes object of the specified size. A specially prepared Plist file can be used to organize a DoS attack.
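
One way to avoid the preallocation described in the issue, shown as an added example that is not code from the issue or from CPython: read the declared length in bounded chunks, so memory grows only with the bytes actually present. The names `read_exact`, `CHUNK`, `RecordingReader` and `demo`, and the sample streams, are assumptions constructed for illustration.

```python
CHUNK = 1 << 20  # hypothetical cap on any single read() request (1 MiB)


def read_exact(fp, size, chunk=CHUNK):
    """Return exactly `size` bytes from `fp`, or raise EOFError.

    `size` comes from the untrusted file, so it is never passed to
    fp.read() directly. Each request is capped at `chunk`, so a bogus
    length costs at most one chunk of allocation beyond the real data.
    """
    if size < 0:
        raise ValueError("negative length")
    parts = []
    remaining = size
    while remaining:
        data = fp.read(min(remaining, chunk))
        if not data:
            got = size - remaining
            raise EOFError(f"declared {size} bytes, only {got} present")
        parts.append(data)
        remaining -= len(data)
    return b"".join(parts)


class RecordingReader:
    """Constructed test stream that records the largest read() request."""

    def __init__(self, payload):
        self._payload = payload
        self._pos = 0
        self.largest_request = 0

    def read(self, n):
        self.largest_request = max(self.largest_request, n)
        data = self._payload[self._pos:self._pos + n]
        self._pos += len(data)
        return data


def demo():
    """Declared length of 1 TiB against a stream holding 10 real bytes."""
    fp = RecordingReader(b"x" * 10)  # constructed sample data
    try:
        read_exact(fp, 2**40)        # constructed oversized length field
    except EOFError:
        return fp.largest_request    # largest size ever asked of read()
    return None
```
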

Labels

3.10: only security fixes; 3.11: only security fixes; 3.12: only security fixes; 3.13: bugs and security fixes; 3.14: bugs and security fixes; 3.8 (EOL): end of life; 3.9: only security fixes; type-security: A security issue
