[New-bugs-announce] [issue18317] gettext: DoS via crafted Plural-Forms
Jakub Wilk
report at bugs.python.org
Fri Jun 28 00:01:26 CEST 2013
New submission from Jakub Wilk:
It is possible to craft a MO file with Plural-Forms taking arbitrary amounts of CPU and memory to evaluate. A test case is attached.
I realize that opening unstrusted MO files is a rather unusual use case, but the module already contains some code to protect againt malicious Plural-Forms, so I thought you might want to fix this problem as well.
----------
components: Library (Lib)
files: testcase.mo
messages: 191963
nosy: jwilk
priority: normal
severity: normal
status: open
title: gettext: DoS via crafted Plural-Forms
type: security
Added file: http://bugs.python.org/file30715/testcase.mo
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue18317>
_______________________________________
More information about the New-bugs-announce
mailing list