Python up to 3.3.4 Lib/zipfile.py ZipExtFile._read2 ZIP_STORED/ZIP_DEFLATED input validation
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
6.7 | $0-$5k | 0.00 |
A vulnerability classified as critical was found in Python up to 3.3.4 (Programming Language Software). This vulnerability affects the function ZipExtFile._read2 in the library Lib/zipfile.py. The manipulation of the argument ZIP_STORED/ZIP_DEFLATED with an unknown input leads to an input validation vulnerability. The CWE definition for the vulnerability is CWE-20: the product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. As an impact it is known to affect availability. CVE summarizes:
Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function.
The weakness was presented 12/27/2013 by Nandiya as Issue 20078 as a confirmed bug report (Website). The advisory is shared for download at bugs.python.org. This vulnerability has been named CVE-2013-7338 since 03/18/2014. The attack can be initiated remotely. No form of authentication is required for successful exploitation. Technical details and a public exploit are known.
An exploit was disclosed immediately. It is declared as proof-of-concept. The vulnerability scanner Nessus provides a plugin with the ID 75343 (openSUSE Security Update : python3 (openSUSE-SU-2014:0597-1)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family SuSE Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 123806 (Apple Mac OS X v10.10.5 and Security Update 2015-006 Not Installed (APPLE-SA-2015-08-13-2)).
Upgrading to version 3.3.4 RC1 eliminates this vulnerability. The upgrade is hosted for download at hg.python.org. A possible mitigation has been published 2 weeks after the disclosure of the vulnerability.
The vulnerability is also documented in the vulnerability database at Tenable (75343). See 7837, 11563, 12510 and 57803 for similar entries.
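A pre-extraction check for the condition in the CVE summary, a declared size larger than the archive can hold, as an added example that is not part of the original entry or of CPython. The names `suspicious_entries` and `build_sample` and the sample archive are constructed for illustration; the check covers the compressed-length bound and the stored-entry size match only.

```python
import io
import struct
import zipfile

LOCAL_HEADER = struct.Struct("<4s5H3L2H")  # fixed 30-byte local file header


def suspicious_entries(data: bytes) -> list:
    """Return (name, reason) for entries whose declared sizes cannot be true."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            start = info.header_offset
            raw = data[start:start + LOCAL_HEADER.size]
            if len(raw) < LOCAL_HEADER.size or raw[:4] != b"PK\x03\x04":
                findings.append((info.filename, "bad local header"))
                continue
            fields = LOCAL_HEADER.unpack(raw)
            name_len, extra_len = fields[-2], fields[-1]
            # First byte of the entry's data, after the variable-length fields.
            payload = start + LOCAL_HEADER.size + name_len + extra_len
            if payload + info.compress_size > len(data):
                findings.append((info.filename, "compressed size exceeds archive"))
            elif (info.compress_type == zipfile.ZIP_STORED
                  and info.file_size != info.compress_size):
                # Stored entries are not compressed, so both sizes must agree.
                findings.append((info.filename, "stored size mismatch"))
    return findings


def build_sample(comp_size=None, file_size=None) -> bytes:
    """Constructed sample: one stored entry, central-directory sizes optionally patched."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("a.txt", b"hello world")
    data = bytearray(buf.getvalue())
    central = data.find(b"PK\x01\x02")  # central directory file header
    if comp_size is not None:
        struct.pack_into("<L", data, central + 20, comp_size)
    if file_size is not None:
        struct.pack_into("<L", data, central + 24, file_size)
    return bytes(data)
```

Run the check on untrusted archives before calling `extract` or `extractall`, and reject any archive with findings.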
CVSSv3
VulDB Meta Base Score: 7.5
VulDB Meta Temp Score: 6.7
VulDB Base Score: 7.5
VulDB Temp Score: 6.7
Exploiting
Class: Input validation
CWE: CWE-20
ATT&CK: Unknown
Local: No
Remote: Yes
Access: Public
Status: Proof-of-Concept
Nessus ID: 75343
Nessus Name: openSUSE Security Update : python3 (openSUSE-SU-2014:0597-1)
OpenVAS ID: 105007
OpenVAS Name: Fedora Update for python3 FEDORA-2014-16393
Countermeasures
Recommended: Upgrade
Upgrade: Python 3.3.4 RC1
Timeline
12/27/2013
12/27/2013
01/09/2014
01/28/2014
01/28/2014
01/29/2014
03/18/2014
03/29/2014
04/22/2014
06/13/2014
08/14/2015
08/18/2015
06/08/2021
Sources
Advisory: Issue 20078
Researcher: Nandiya
Status: Confirmed
CVE: CVE-2013-7338
SecurityTracker: 1029973 - Python Zipfile Processing Flaw Lets Remote Users Deny Service
Vulnerability Center: 52154 - Python before 3.3.4 RC1 Remote DoS via a File Size Value, High
SecurityFocus: 65179 - Python 'ZipExtFile._read2()' Method Denial of Service Vulnerability
Secunia: 56627 - Python "ZipExtFile._read2()" Denial of Service Vulnerability, Less Critical
OSVDB: 102599
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 01/29/2014 09:15
Updated: 06/08/2021 18:39
Changes: 01/29/2014 09:15 (77), 10/16/2017 09:13 (17), 06/08/2021 18:39 (3)