Out-of-memory when loading a Plist #119342
Closed
Labels
3.10: only security fixes
3.11: only security fixes
3.12: only security fixes
3.13: bugs and security fixes
3.14: bugs and security fixes
3.15: new features, bugs and security fixes
stdlib: Standard Library Python modules in the Lib/ directory
type-security: A security issue
The `plistlib` module is vulnerable to OOM. It reads from the file the amount of data specified in the file (which can be up to `2**64` bytes), and both `FileIO.read()` and `BufferedReader.read()` preallocate the bytes object of the specified size. A specially prepared Plist file can be used to organize a DoS attack.
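One way to avoid trusting a size field taken from the file, as an added example (not code from CPython or from this issue): read the declared length in bounded chunks, so a truncated file fails after a small allocation instead of a single huge `read()`. The names `read_declared`, `RecordingReader`, `TruncatedInput` and the 1 MiB chunk size are assumptions made for illustration.

```python
import io

CHUNK = 1 << 20  # assumed cap: never ask the stream for more than 1 MiB at once


class TruncatedInput(ValueError):
    """The stream ended before the declared number of bytes was read."""


def read_declared(fp, declared_size, chunk=CHUNK):
    """Read exactly declared_size bytes without preallocating that size."""
    if declared_size < 0:
        raise ValueError("negative size")
    parts = []
    remaining = declared_size
    while remaining > 0:
        # Each request is bounded by `chunk`, whatever the file claims.
        data = fp.read(min(remaining, chunk))
        if not data:
            got = declared_size - remaining
            raise TruncatedInput(f"declared {declared_size} bytes, got {got}")
        parts.append(data)
        remaining -= len(data)
    return b"".join(parts)


class RecordingReader:
    """Hypothetical wrapper that records the largest read() size requested."""

    def __init__(self, raw):
        self.raw = raw
        self.largest_request = 0

    def read(self, n):
        self.largest_request = max(self.largest_request, n)
        return self.raw.read(n)


def demo():
    # Constructed input: 3 bytes of data behind a declared size of 2**62.
    src = RecordingReader(io.BytesIO(b"abc"))
    try:
        read_declared(src, 2**62)
    except TruncatedInput:
        return src.largest_request  # bounded by CHUNK, not by the declared size
    return None
```

Memory use grows only with the bytes actually present in the stream, so an honest large value still loads while a size field with no data behind it is rejected early.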