CVE-2025-13837

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-13837

Severity

5.5

Medium

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Description

When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues

References

https://nvd.nist.gov/vuln/detail/CVE-2025-13837
https://github.com/advisories/GHSA-qhx6-hpfj-8m4g
https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/
https://github.com/python/cpython/issues/119342
https://github.com/python/cpython/pull/119343
https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b
https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70
https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba
https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2025-13837

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company