Fluid Attacks Database

Description

read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	pypy3	>=0 <7.3.5+dfsg-2	7.3.5+dfsg-2
debian 12	pypy3	>=0 <7.3.5+dfsg-2	7.3.5+dfsg-2
debian 13	pypy3	>=0 <7.3.5+dfsg-2	7.3.5+dfsg-2
debian 14	pypy3	>=0 <7.3.5+dfsg-2	7.3.5+dfsg-2
debian 11	python3.9	>=0 <3.9.1~rc1-1	3.9.1~rc1-1
rpm rhel7	python3	-	-
rpm rhel8	python3	<0:3.6.8-56.el8_9.2	0:3.6.8-56.el8_9.2
rpm rhel8.6	python3	<0:3.6.8-47.el8_6.4	0:3.6.8-47.el8_6.4
rpm rhel8.8	python3	<0:3.6.8-51.el8_8.4	0:3.6.8-51.el8_8.4

Aliases

1. CVE-2022-485642. NVD-2022-485643. OSV-DEBIAN-2022-485644. OSV-2022-485645. SECURITY-TRACKER-CVE-2022-48564

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.