CVE-2022-48564

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Aug 22, 2023
Updated: Dec 15, 2023
CWE ID 400

Summary

CVE-2022-48564 is a Denial of Service (DoS) vulnerability in the read_ints function of plistlib.py, the Python standard library module for handling Apple Property List files, affecting Python up to and including version 3.9.1. Maliciously crafted binary-format files can exhaust CPU and RAM, potentially causing the targeted system to crash or become unresponsive. The issue may result in significant downtime and should be addressed promptly by updating to a patched version of Python.

Affected Products

  • Python

Affected Vendors

  • Python Software Foundation
  • NetApp