[New-bugs-announce] [issue18317] gettext: DoS via crafted Plural-Forms

Jakub Wilk report at bugs.python.org
Fri Jun 28 00:01:26 CEST 2013

New submission from Jakub Wilk:

It is possible to craft a MO file with Plural-Forms taking arbitrary amounts of CPU and memory to evaluate. A test case is attached.

I realize that opening unstrusted MO files is a rather unusual use case, but the module already contains some code to protect againt malicious Plural-Forms, so I thought you might want to fix this problem as well.

components: Library (Lib)
files: testcase.mo
messages: 191963
nosy: jwilk
priority: normal
severity: normal
status: open
title: gettext: DoS via crafted Plural-Forms
type: security
Added file: http://bugs.python.org/file30715/testcase.mo

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list