CVE-2022-48564
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Aug 22, 2023
Updated: Dec 15, 2023
CWE ID 400
Summary
CVE-2022-48564 is a Denial of Service (DoS) vulnerability in the read_ints function in plistlib.py, the Python standard-library module for handling Apple Property List files, affecting Python versions up to and including 3.9.1. Maliciously crafted property list files in binary format can lead to CPU and RAM exhaustion, potentially causing the targeted system to crash or become unresponsive. This issue may result in significant downtime and should be addressed promptly by updating to a patched version of Python.
Affected Products
- Python
Affected Vendors
- Python Software Foundation
- NetApp