Description

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model, a C stack overflow occurs.

PUBLISHED Reserved 2026-03-15 | Published 2026-03-16 | Updated 2026-04-08 | Assigner PSF




MEDIUM: 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Product status

Default status
unaffected

Any version before 3.13.13
affected

3.14.0 (python) before 3.14.4
affected

3.15.0a1 (python) before 3.15.0a8
affected

Credits

Gil Portnoy reporter

Stan Ulbrych remediation developer

Bénédikt Tran remediation reviewer

Stan Ulbrych coordinator

References

www.openwall.com/lists/oss-security/2026/03/16/4

github.com/...ommit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768 patch

mail.python.org/.../thread/5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R/ vendor-advisory

github.com/python/cpython/issues/145986 issue-tracking

github.com/python/cpython/pull/145987 patch

github.com/...ommit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a patch

github.com/...ommit/e0a8a6da90597a924b300debe045cdb4628ee1f3 patch

github.com/...ommit/642865ddf4b232da1f3b1f7abcfa3254c4bfe785 patch

github.com/...ommit/af856a7177326ac25d9f66cc6dd28b554d914fee patch

cve.org (CVE-2026-4224)

nvd.nist.gov (CVE-2026-4224)
