High-severity vulnerability in CPython's zipfile module: CVE-2024-8088

CPython's zipfile module has a high-severity vulnerability, tracked as CVE-2024-8088. When processing a maliciously constructed zip archive, the flaw causes the program to enter an infinite loop. Specifically, the infinite loop can be triggered while iterating over the entry names of a zip archive with the zipfile.Path class and its methods (such as `namelist()`, `iterdir()`, `extractall()` and so on).

The root cause is improper path handling in the zipfile._path._ancestry() method. Specifically, `path.rstrip(posixpath.sep)` together with the while loop condition does not handle the path correctly, leading to an infinite loop. For example, `posixpath.split("//")` returns `("//", "")`, and since `"//" != posixpath.sep`, the loop can never exit.

The vulnerability has been fixed; updating CPython and strengthening input validation are recommended to prevent potential denial-of-service attacks.

Original links: https://www.openwall.com/lists/oss-security/2024/08/22/1 https://www.openwall.com/lists/oss-security/2024/08/22/4
Tags: #CPython #vulnerability #zipfile #infinite_loop #AIGC
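The loop shape the post describes, reproduced here as an added illustration (my own code, not CPython's source or its patch): `ancestry_vulnerable` follows the rstrip/while/split pattern with an iteration guard so the stall becomes observable, `ancestry_hardened` is one way to stop the walk as soon as `posixpath.split()` makes no progress, and `stalling_names` flags which entry names in a listing would trigger the stall. The sample entry names are constructed.

```python
import posixpath


def ancestry_vulnerable(path, max_steps=64):
    """Loop shape described in the advisory (re-created here, not CPython's source).

    Returns (ancestors, stalled). stalled=True means posixpath.split() stopped
    making progress, so the real loop would spin forever; max_steps is a guard
    added only so this demo returns.
    """
    ancestors = []
    path = path.rstrip(posixpath.sep)
    while path and path != posixpath.sep:
        if len(ancestors) >= max_steps:
            return ancestors, True
        ancestors.append(path)
        # posixpath.split("//") == ("//", ""), so path never changes from here on
        path, _tail = posixpath.split(path)
    return ancestors, False


def ancestry_hardened(path):
    """Same walk, but stops as soon as split() returns its own input (no progress)."""
    ancestors = []
    path = path.rstrip(posixpath.sep)
    while path and path != posixpath.sep:
        ancestors.append(path)
        head, _tail = posixpath.split(path)
        if head == path:
            break
        path = head
    return ancestors


def stalling_names(names):
    """Entry names from a zip listing that would hang the vulnerable walk."""
    return [n for n in names if ancestry_vulnerable(n)[1]]


# Constructed sample entry names, shaped like a namelist() result.
SAMPLE_NAMES = ["b/d", "/b", "a/", "//evil", "///x/y"]

if __name__ == "__main__":
    for name in SAMPLE_NAMES:
        print(repr(name), ancestry_vulnerable(name)[1], ancestry_hardened(name))
    print("would hang:", stalling_names(SAMPLE_NAMES))
```

Only names with two or more leading separators stall the walk: `"/b"` ends at `"/"` and exits normally, while `"//evil"` collapses to `"//"` and never changes again.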
OnePlus Nord 2 OxygenOS 12.1 C.04 IND

System
• Fixed the issue that the lock screen interface displayed abnormally when charging
• Fixed the issue that the screen brightness displayed abnormally in certain scenarios
• Fixed the occasional issue that the desktop text displayed abnormally in certain scenarios

Camera
• Optimized the anti-shake effect when shooting videos
• Optimized the speed of enabling Camera in certain scenarios

Others
• Fixed the issue of abnormal crash when enabling Fortnite

Size
• Component (my_manifest): 1.22 MB (1278656 bytes)
• Component (my_product): 413.80 MB (433902450 bytes)
• Component (my_bigball): 578.54 MB (606645588 bytes)
• Component (my_stock): 615.30 MB (645192760 bytes)
• Component (my_heytap): 508.90 MB (533621509 bytes)
• Component (my_carrier): 1.04 MB (1088872 bytes)
• Component (system_vendor): 2.49 GB (2675632293 bytes)
• Component (my_region): 3.35 MB (3513520 bytes)
• Full: 4.56 GB (4893267850 bytes)

Exported by MlgmXyysd Color OTA Bot @OnePlusOTA
Tags: #Oxygen #denniz #India #Component #Full #Stable #DN2101