]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 57cc1bd) | patch
[3.12] gh-145986: Avoid unbound C recursion in `conv_content_model` in `pyexpat.c...
authorStan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Sun, 15 Mar 2026 21:46:06 +0000 (21:46 +0000)
committerStan Ulbrych <stan@ulbrych.org>
Sun, 15 Mar 2026 22:00:45 +0000 (22:00 +0000)
commite5caf45faac74b0ed869e3336420cffd3510ce6e
tree25eb968caecbf18ad0be20b080722bc60193405dtree | snapshot
parent57cc1bdfdbc208c9f4c788a58ef6554e0bd0d493commit | diff
[3.12] gh-145986: Avoid unbound C recursion in `conv_content_model` in `pyexpat.c` (CVE 2026-4224) (GH-145987)

Fix C stack overflow (CVE-2026-4224) when an Expat parser
with a registered `ElementDeclHandler` parses inline DTD
containing deeply nested content model.

---------
(cherry picked from commit eb0e8be3a7e11b87d198a2c3af1ed0eccf532768)

Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
Lib/test/test_pyexpat.py diff | blob | blame | history
Misc/NEWS.d/next/Security/2026-03-14-17-31-39.gh-issue-145986.ifSSr8.rst [new file with mode: 0644] blob
Modules/pyexpat.c diff | blob | blame | history
Mirror of https://github.com/python/cpython.git