CVE-2022-48564

read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.
References
Link Resource
https://bugs.python.org/issue42103 Exploit Issue Tracking Patch Vendor Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html Mailing List Third Party Advisory VDB Entry
https://security.netapp.com/advisory/ntap-20230929-0009/ Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*

History

15 Dec 2023, 15:56

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20230929-0009/ - Third Party Advisory
  • (MLIST) https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html - Mailing List, Third Party Advisory, VDB Entry
References (MISC) https://bugs.python.org/issue42103 - (MISC) https://bugs.python.org/issue42103 - Exploit, Issue Tracking, Patch, Vendor Advisory
CPE cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
CWE CWE-400

22 Aug 2023, 19:16

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-22 19:16

Updated : 2024-02-05 00:01


NVD link : CVE-2022-48564

Mitre link : CVE-2022-48564

CVE.ORG link : CVE-2022-48564


JSON object : View

Products Affected

python

  • python

netapp

  • active_iq_unified_manager
CWE
CWE-400

Uncontrolled Resource Consumption