CVE-2022-48564

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2022-48564

Severity

Unknown

Description

read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.

References

https://images.chainguard.dev/security/CGA-4qh5-c7fr-956h
https://github.com/advisories/GHSA-p8vw-m6qq-w42v
https://images.chainguard.dev/security/CGA-w595-rcc9-f479
https://images.chainguard.dev/security/CGA-rf6m-7vpm-p4wp
https://bugs.python.org/issue42103
https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html
https://security.netapp.com/advisory/ntap-20230929-0009/
https://security-tracker.debian.org/tracker/CVE-2022-48564

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2022-48564

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources