CVE-2025-13837

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-13837

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-13837.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-13837

Aliases

Downstream

BELL-CVE-2025-13837

DEBIAN-CVE-2025-13837

DLA-4445-1

ECHO-8bc4-4724-22d3

MINI-63j8-j68g-cmcw

MINI-7vjc-3rmh-vgqj

MINI-p3vp-22rg-9xjg

MINI-p93c-hq2x-pwjg

MINI-x3cp-fw88-8qq6

OESA-2026-1052

OESA-2026-1053

OESA-2026-1054

OESA-2026-1055

OESA-2026-1056

OESA-2026-1057

ROOT-OS-DEBIAN-12-CVE-2025-13837

ROOT-OS-DEBIAN-13-CVE-2025-13837

SUSE-SU-2025:4522-1

SUSE-SU-2025:4538-1

SUSE-SU-2025:4539-1

SUSE-SU-2026:0024-1

SUSE-SU-2026:0025-1

SUSE-SU-2026:0027-1

SUSE-SU-2026:0130-1

SUSE-SU-2026:0299-1

SUSE-SU-2026:0314-1

SUSE-SU-2026:20047-1

SUSE-SU-2026:20125-1

SUSE-SU-2026:20154-1

SUSE-SU-2026:20374-1

UBUNTU-CVE-2025-13837

USN-8018-1

openSUSE-SU-2025:15839-1

openSUSE-SU-2025:15840-1

openSUSE-SU-2025:15846-1

openSUSE-SU-2025:15849-1

openSUSE-SU-2025:15850-1

openSUSE-SU-2025:15851-1

openSUSE-SU-2026:10011-1

openSUSE-SU-2026:20081-1

Related

Published

2025-12-01T18:16:04.380Z

Modified

2026-03-15T15:22:21.554593Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues

References

Affected packages

Git / github.com/python/cpython

Affected ranges

Type

GIT

Repo

https://github.com/python/cpython

Events

Introduced

Fixed

4fd884356d7f29b2a07a4274bef04998ac96d529

Introduced

ebf955df7a89ed0c7968f79faec1de49f61ed7cb

Fixed

57e0d177c26d4a508ef46adae9cbae46fca39f70

Fixed

568342cfc8f002d9a15f30238f26b9d2e0e79036

Fixed

5a8b19677d818fb41ee55f310233772e15aa1a2b

Fixed

694922cf40aa3a28f898b5f5ee08b71b4922df70

Fixed

71fa8eb8233b37f16c88b6e3e583b461b205d1ba

Fixed

b64441e4852383645af5b435411a6f849dd1b4cb

Fixed

cefee7d118a26ef6cd43db59bb9d98ca9a331111

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.13.10"
        },
        {
            "introduced": "3.14.0"
        },
        {
            "fixed": "3.14.1"
        }
    ]
}

Affected versions

v3.*

v3.14.0

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.15.0-alpha1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.15.0-alpha2"
            }
        ]
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-13837.json"