Home

Description

When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues

PUBLISHED Reserved 2025-12-01 | Published 2025-12-01 | Updated 2026-01-07 | Assigner PSF




LOW: 2.1CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N

Product status

Default status
unaffected

Any version before 3.13.10
affected

3.14.0 (python) before 3.14.1
affected

3.15.0a1 (python) before 3.15.0a3
affected

References

github.com/python/cpython/pull/119343 patch

github.com/python/cpython/issues/119342 issue-tracking

github.com/...ommit/694922cf40aa3a28f898b5f5ee08b71b4922df70 patch

github.com/...ommit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba patch

github.com/...ommit/b64441e4852383645af5b435411a6f849dd1b4cb patch

mail.python.org/.../thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/ vendor-advisory

github.com/...ommit/5a8b19677d818fb41ee55f310233772e15aa1a2b patch

cve.org (CVE-2025-13837)

nvd.nist.gov (CVE-2025-13837)

Download JSON