CVE-2025-13837

Updated: 2026-02-04 05:06:57.501916

Description:

When loading a plist file, the plistlib module reads data in sizes specified by the file itself, so a malicious file can cause out-of-memory (OOM) and denial-of-service (DoS) conditions.


Links NIST CIRCL RHEL Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0.0 |
| CVSS Version 3.x | MEDIUM | 5.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | python3.11 | 3.11.2 | 5.5 | MEDIUM | Needs Triage | | 2026-02-04 09:00:54 | |
| AlmaLinux 9.2 ESU | python3 | 3.9.16 | 5.5 | MEDIUM | Needs Triage | | 2026-02-04 09:00:23 | |
| CentOS 6 ELS | python | 2.6.6 | 5.5 | MEDIUM | Ignored | | 2026-02-05 04:14:15 | This issue is local-only and requires user interaction to open an attacker-provided .plist with Pyth... |
| CentOS 7 ELS | python | 2.7.5 | 5.5 | MEDIUM | Ignored | | 2026-02-05 04:14:13 | This issue is local-only and requires user interaction to open an attacker-provided .plist with Pyth... |
| CentOS 7 ELS | python3 | 3.6.8 | 5.5 | MEDIUM | Ignored | | 2026-02-05 04:14:19 | This issue is local-only and requires user interaction to open an attacker-provided .plist with Pyth... |
| CentOS 8.4 ELS | python3 | 3.6.8 | 5.5 | MEDIUM | Ignored | | 2026-02-05 04:14:20 | This issue is local and requires user interaction: it only manifests if a Python application deliber... |
| CentOS 8.4 ELS | python2 | 2.7.18 | 5.5 | MEDIUM | Ignored | | 2026-02-05 04:14:26 | This issue is local and requires user interaction: it only manifests if a Python application deliber... |
| CentOS 8.5 ELS | python2 | 2.7.18 | 5.5 | MEDIUM | Ignored | | 2026-02-05 04:14:27 | This issue is local and requires user interaction: it only manifests if a Python application deliber... |
| CentOS 8.5 ELS | python3 | 3.6.8 | 5.5 | MEDIUM | Ignored | | 2026-02-05 04:14:21 | This issue is local and requires user interaction: it only manifests if a Python application deliber... |
| CentOS Stream 8 ELS | python2 | 2.7.18 | 5.5 | MEDIUM | Ignored | | 2026-02-05 04:14:27 | This issue is local and requires user interaction: it only manifests if a Python application deliber... |
Total: 24