You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Bug Description:
The code will re-scan the newly generated content after replacing the variable. If a variable is defined to contain itself (i.e., a recursive definition), this process will fall into infinite recursion.
This recursion can lead to two forms of attacks: one is to cause an infinite loop and deplete CPU resources, and the other is to cause the string to grow infinitely and deplete memory resources. The final result will all lead to the application crashing or being unresponsive.
Bug Description:
The code will re-scan the newly generated content after replacing the variable. If a variable is defined to contain itself (i.e., a recursive definition), this process will fall into infinite recursion.
This recursion can lead to two forms of attacks: one is to cause an infinite loop and deplete CPU resources, and the other is to cause the string to grow infinitely and deplete memory resources. The final result will all lead to the application crashing or being unresponsive.
Vulnerability Locations :
1.
cpython/Tools/freeze/checkextensions.py
Line 72 in e64395e
Repair Status:
None
Common Information:
Linked PRs