Vulnerability-Lookup

SUSE-SU-2026:0133-1

Vulnerability from csaf_suse - Published: 2026-01-16 09:19 - Updated: 2026-01-16 09:19

Summary

Security update for python

Notes

Title of the patch

Security update for python

Description of the patch

This update for python fixes the following issues: - CVE-2025-8291: check validity of the ZIP64 End of Central Directory (EOCD) in the 'zipfile' module (bsc#1251305). - CVE-2025-12084: prevent quadratic behavior in node ID cache clearing (bsc#1254997). - CVE-2025-13836: prevent reading an HTTP response from a server, if no read amount is specified, with using Content-Length per default as the length (bsc#1254400).

Patchnames

SUSE-2026-133,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-133

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for python",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for python fixes the following issues:\n\n- CVE-2025-8291: check validity of the ZIP64 End of Central Directory (EOCD) in the \u0027zipfile\u0027 module (bsc#1251305).\n- CVE-2025-12084: prevent quadratic behavior in node ID cache clearing (bsc#1254997).\n- CVE-2025-13836: prevent reading an HTTP response from a server, if no read amount is specified, with using Content-Length per default as the length (bsc#1254400).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2026-133,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-133",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0133-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2026:0133-1",
        "url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260133-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2026:0133-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023782.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1251305",
        "url": "https://bugzilla.suse.com/1251305"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1254400",
        "url": "https://bugzilla.suse.com/1254400"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1254997",
        "url": "https://bugzilla.suse.com/1254997"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-12084 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-12084/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-13836 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-13836/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-8291 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-8291/"
      }
    ],
    "title": "Security update for python",
    "tracking": {
      "current_release_date": "2026-01-16T09:19:41Z",
      "generator": {
        "date": "2026-01-16T09:19:41Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2026:0133-1",
      "initial_release_date": "2026-01-16T09:19:41Z",
      "revision_history": [
        {
          "date": "2026-01-16T09:19:41Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpython2_7-1_0-2.7.18-33.56.1.aarch64",
                "product": {
                  "name": "libpython2_7-1_0-2.7.18-33.56.1.aarch64",
                  "product_id": "libpython2_7-1_0-2.7.18-33.56.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python-2.7.18-33.56.1.aarch64",
                "product": {
                  "name": "python-2.7.18-33.56.1.aarch64",
                  "product_id": "python-2.7.18-33.56.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python-base-2.7.18-33.56.1.aarch64",
                "product": {
                  "name": "python-base-2.7.18-33.56.1.aarch64",
                  "product_id": "python-base-2.7.18-33.56.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python-curses-2.7.18-33.56.1.aarch64",
                "product": {
                  "name": "python-curses-2.7.18-33.56.1.aarch64",
                  "product_id": "python-curses-2.7.18-33.56.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python-demo-2.7.18-33.56.1.aarch64",
                "product": {
                  "name": "python-demo-2.7.18-33.56.1.aarch64",
                  "product_id": "python-demo-2.7.18-33.56.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python-devel-2.7.18-33.56.1.aarch64",
                "product": {
                  "name": "python-devel-2.7.18-33.56.1.aarch64",
                  "product_id": "python-devel-2.7.18-33.56.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python-gdbm-2.7.18-33.56.1.aarch64",
                "product": {
                  "name": "python-gdbm-2.7.18-33.56.1.aarch64",
                  "product_id": "python-gdbm-2.7.18-33.56.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python-idle-2.7.18-33.56.1.aarch64",
                "product": {
                  "name": "python-idle-2.7.18-33.56.1.aarch64",
                  "product_id": "python-idle-2.7.18-33.56.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python-strict-tls-check-2.7.18-33.56.1.aarch64",
                "product": {
                  "name": "python-strict-tls-check-2.7.18-33.56.1.aarch64",
                  "product_id": "python-strict-tls-check-2.7.18-33.56.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python-tk-2.7.18-33.56.1.aarch64",
                "product": {
                  "name": "python-tk-2.7.18-33.56.1.aarch64",
                  "product_id": "python-tk-2.7.18-33.56.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python-xml-2.7.18-33.56.1.aarch64",
                "product": {
                  "name": "python-xml-2.7.18-33.56.1.aarch64",
                  "product_id": "python-xml-2.7.18-33.56.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpython2_7-1_0-64bit-2.7.18-33.56.1.aarch64_ilp32",
                "product": {
                  "name": "libpython2_7-1_0-64bit-2.7.18-33.56.1.aarch64_ilp32",
                  "product_id": "libpython2_7-1_0-64bit-2.7.18-33.56.1.aarch64_ilp32"
                }
              },
              {
                "category": "product_version",
                "name": "python-64bit-2.7.18-33.56.1.aarch64_ilp32",
                "product": {
                  "name": "python-64bit-2.7.18-33.56.1.aarch64_ilp32",
                  "product_id": "python-64bit-2.7.18-33.56.1.aarch64_ilp32"
                }
              },
              {
                "category": "product_version",
                "name": "python-base-64bit-2.7.18-33.56.1.aarch64_ilp32",
                "product": {
                  "name": "python-base-64bit-2.7.18-33.56.1.aarch64_ilp32",
                  "product_id": "python-base-64bit-2.7.18-33.56.1.aarch64_ilp32"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64_ilp32"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpython2_7-1_0-2.7.18-33.56.1.i586",
                "product": {
                  "name": "libpython2_7-1_0-2.7.18-33.56.1.i586",
                  "product_id": "libpython2_7-1_0-2.7.18-33.56.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python-2.7.18-33.56.1.i586",
                "product": {
                  "name": "python-2.7.18-33.56.1.i586",
                  "product_id": "python-2.7.18-33.56.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python-base-2.7.18-33.56.1.i586",
                "product": {
                  "name": "python-base-2.7.18-33.56.1.i586",
                  "product_id": "python-base-2.7.18-33.56.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python-curses-2.7.18-33.56.1.i586",
                "product": {
                  "name": "python-curses-2.7.18-33.56.1.i586",
                  "product_id": "python-curses-2.7.18-33.56.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python-demo-2.7.18-33.56.1.i586",
                "product": {
                  "name": "python-demo-2.7.18-33.56.1.i586",
                  "product_id": "python-demo-2.7.18-33.56.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python-devel-2.7.18-33.56.1.i586",
                "product": {
                  "name": "python-devel-2.7.18-33.56.1.i586",
                  "product_id": "python-devel-2.7.18-33.56.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python-gdbm-2.7.18-33.56.1.i586",
                "product": {
                  "name": "python-gdbm-2.7.18-33.56.1.i586",
                  "product_id": "python-gdbm-2.7.18-33.56.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python-idle-2.7.18-33.56.1.i586",
                "product": {
                  "name": "python-idle-2.7.18-33.56.1.i586",
                  "product_id": "python-idle-2.7.18-33.56.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python-strict-tls-check-2.7.18-33.56.1.i586",
                "product": {
                  "name": "python-strict-tls-check-2.7.18-33.56.1.i586",
                  "product_id": "python-strict-tls-check-2.7.18-33.56.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python-tk-2.7.18-33.56.1.i586",
                "product": {
                  "name": "python-tk-2.7.18-33.56.1.i586",
                  "product_id": "python-tk-2.7.18-33.56.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python-xml-2.7.18-33.56.1.i586",
                "product": {
                  "name": "python-xml-2.7.18-33.56.1.i586",
                  "product_id": "python-xml-2.7.18-33.56.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python-doc-2.7.18-33.56.1.noarch",
                "product": {
                  "name": "python-doc-2.7.18-33.56.1.noarch",
                  "product_id": "python-doc-2.7.18-33.56.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python-doc-pdf-2.7.18-33.56.1.noarch",
                "product": {
                  "name": "python-doc-pdf-2.7.18-33.56.1.noarch",
                  "product_id": "python-doc-pdf-2.7.18-33.56.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpython2_7-1_0-2.7.18-33.56.1.ppc64le",
                "product": {
                  "name": "libpython2_7-1_0-2.7.18-33.56.1.ppc64le",
                  "product_id": "libpython2_7-1_0-2.7.18-33.56.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python-2.7.18-33.56.1.ppc64le",
                "product": {
                  "name": "python-2.7.18-33.56.1.ppc64le",
                  "product_id": "python-2.7.18-33.56.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python-base-2.7.18-33.56.1.ppc64le",
                "product": {
                  "name": "python-base-2.7.18-33.56.1.ppc64le",
                  "product_id": "python-base-2.7.18-33.56.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python-curses-2.7.18-33.56.1.ppc64le",
                "product": {
                  "name": "python-curses-2.7.18-33.56.1.ppc64le",
                  "product_id": "python-curses-2.7.18-33.56.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python-demo-2.7.18-33.56.1.ppc64le",
                "product": {
                  "name": "python-demo-2.7.18-33.56.1.ppc64le",
                  "product_id": "python-demo-2.7.18-33.56.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python-devel-2.7.18-33.56.1.ppc64le",
                "product": {
                  "name": "python-devel-2.7.18-33.56.1.ppc64le",
                  "product_id": "python-devel-2.7.18-33.56.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python-gdbm-2.7.18-33.56.1.ppc64le",
                "product": {
                  "name": "python-gdbm-2.7.18-33.56.1.ppc64le",
                  "product_id": "python-gdbm-2.7.18-33.56.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python-idle-2.7.18-33.56.1.ppc64le",
                "product": {
                  "name": "python-idle-2.7.18-33.56.1.ppc64le",
                  "product_id": "python-idle-2.7.18-33.56.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python-strict-tls-check-2.7.18-33.56.1.ppc64le",
                "product": {
                  "name": "python-strict-tls-check-2.7.18-33.56.1.ppc64le",
                  "product_id": "python-strict-tls-check-2.7.18-33.56.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python-tk-2.7.18-33.56.1.ppc64le",
                "product": {
                  "name": "python-tk-2.7.18-33.56.1.ppc64le",
                  "product_id": "python-tk-2.7.18-33.56.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python-xml-2.7.18-33.56.1.ppc64le",
                "product": {
                  "name": "python-xml-2.7.18-33.56.1.ppc64le",
                  "product_id": "python-xml-2.7.18-33.56.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpython2_7-1_0-2.7.18-33.56.1.s390",
                "product": {
                  "name": "libpython2_7-1_0-2.7.18-33.56.1.s390",
                  "product_id": "libpython2_7-1_0-2.7.18-33.56.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "python-2.7.18-33.56.1.s390",
                "product": {
                  "name": "python-2.7.18-33.56.1.s390",
                  "product_id": "python-2.7.18-33.56.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "python-base-2.7.18-33.56.1.s390",
                "product": {
                  "name": "python-base-2.7.18-33.56.1.s390",
                  "product_id": "python-base-2.7.18-33.56.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "python-curses-2.7.18-33.56.1.s390",
                "product": {
                  "name": "python-curses-2.7.18-33.56.1.s390",
                  "product_id": "python-curses-2.7.18-33.56.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "python-demo-2.7.18-33.56.1.s390",
                "product": {
                  "name": "python-demo-2.7.18-33.56.1.s390",
                  "product_id": "python-demo-2.7.18-33.56.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "python-devel-2.7.18-33.56.1.s390",
                "product": {
                  "name": "python-devel-2.7.18-33.56.1.s390",
                  "product_id": "python-devel-2.7.18-33.56.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "python-gdbm-2.7.18-33.56.1.s390",
                "product": {
                  "name": "python-gdbm-2.7.18-33.56.1.s390",
                  "product_id": "python-gdbm-2.7.18-33.56.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "python-idle-2.7.18-33.56.1.s390",
                "product": {
                  "name": "python-idle-2.7.18-33.56.1.s390",
                  "product_id": "python-idle-2.7.18-33.56.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "python-strict-tls-check-2.7.18-33.56.1.s390",
                "product": {
                  "name": "python-strict-tls-check-2.7.18-33.56.1.s390",
                  "product_id": "python-strict-tls-check-2.7.18-33.56.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "python-tk-2.7.18-33.56.1.s390",
                "product": {
                  "name": "python-tk-2.7.18-33.56.1.s390",
                  "product_id": "python-tk-2.7.18-33.56.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "python-xml-2.7.18-33.56.1.s390",
                "product": {
                  "name": "python-xml-2.7.18-33.56.1.s390",
                  "product_id": "python-xml-2.7.18-33.56.1.s390"
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpython2_7-1_0-2.7.18-33.56.1.s390x",
                "product": {
                  "name": "libpython2_7-1_0-2.7.18-33.56.1.s390x",
                  "product_id": "libpython2_7-1_0-2.7.18-33.56.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libpython2_7-1_0-32bit-2.7.18-33.56.1.s390x",
                "product": {
                  "name": "libpython2_7-1_0-32bit-2.7.18-33.56.1.s390x",
                  "product_id": "libpython2_7-1_0-32bit-2.7.18-33.56.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python-2.7.18-33.56.1.s390x",
                "product": {
                  "name": "python-2.7.18-33.56.1.s390x",
                  "product_id": "python-2.7.18-33.56.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python-32bit-2.7.18-33.56.1.s390x",
                "product": {
                  "name": "python-32bit-2.7.18-33.56.1.s390x",
                  "product_id": "python-32bit-2.7.18-33.56.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python-base-2.7.18-33.56.1.s390x",
                "product": {
                  "name": "python-base-2.7.18-33.56.1.s390x",
                  "product_id": "python-base-2.7.18-33.56.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python-base-32bit-2.7.18-33.56.1.s390x",
                "product": {
                  "name": "python-base-32bit-2.7.18-33.56.1.s390x",
                  "product_id": "python-base-32bit-2.7.18-33.56.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python-curses-2.7.18-33.56.1.s390x",
                "product": {
                  "name": "python-curses-2.7.18-33.56.1.s390x",
                  "product_id": "python-curses-2.7.18-33.56.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python-demo-2.7.18-33.56.1.s390x",
                "product": {
                  "name": "python-demo-2.7.18-33.56.1.s390x",
                  "product_id": "python-demo-2.7.18-33.56.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python-devel-2.7.18-33.56.1.s390x",
                "product": {
                  "name": "python-devel-2.7.18-33.56.1.s390x",
                  "product_id": "python-devel-2.7.18-33.56.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python-gdbm-2.7.18-33.56.1.s390x",
                "product": {
                  "name": "python-gdbm-2.7.18-33.56.1.s390x",
                  "product_id": "python-gdbm-2.7.18-33.56.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python-idle-2.7.18-33.56.1.s390x",
                "product": {
                  "name": "python-idle-2.7.18-33.56.1.s390x",
                  "product_id": "python-idle-2.7.18-33.56.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python-strict-tls-check-2.7.18-33.56.1.s390x",
                "product": {
                  "name": "python-strict-tls-check-2.7.18-33.56.1.s390x",
                  "product_id": "python-strict-tls-check-2.7.18-33.56.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python-tk-2.7.18-33.56.1.s390x",
                "product": {
                  "name": "python-tk-2.7.18-33.56.1.s390x",
                  "product_id": "python-tk-2.7.18-33.56.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python-xml-2.7.18-33.56.1.s390x",
                "product": {
                  "name": "python-xml-2.7.18-33.56.1.s390x",
                  "product_id": "python-xml-2.7.18-33.56.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpython2_7-1_0-2.7.18-33.56.1.x86_64",
                "product": {
                  "name": "libpython2_7-1_0-2.7.18-33.56.1.x86_64",
                  "product_id": "libpython2_7-1_0-2.7.18-33.56.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libpython2_7-1_0-32bit-2.7.18-33.56.1.x86_64",
                "product": {
                  "name": "libpython2_7-1_0-32bit-2.7.18-33.56.1.x86_64",
                  "product_id": "libpython2_7-1_0-32bit-2.7.18-33.56.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python-2.7.18-33.56.1.x86_64",
                "product": {
                  "name": "python-2.7.18-33.56.1.x86_64",
                  "product_id": "python-2.7.18-33.56.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python-32bit-2.7.18-33.56.1.x86_64",
                "product": {
                  "name": "python-32bit-2.7.18-33.56.1.x86_64",
                  "product_id": "python-32bit-2.7.18-33.56.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python-base-2.7.18-33.56.1.x86_64",
                "product": {
                  "name": "python-base-2.7.18-33.56.1.x86_64",
                  "product_id": "python-base-2.7.18-33.56.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python-base-32bit-2.7.18-33.56.1.x86_64",
                "product": {
                  "name": "python-base-32bit-2.7.18-33.56.1.x86_64",
                  "product_id": "python-base-32bit-2.7.18-33.56.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python-curses-2.7.18-33.56.1.x86_64",
                "product": {
                  "name": "python-curses-2.7.18-33.56.1.x86_64",
                  "product_id": "python-curses-2.7.18-33.56.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python-demo-2.7.18-33.56.1.x86_64",
                "product": {
                  "name": "python-demo-2.7.18-33.56.1.x86_64",
                  "product_id": "python-demo-2.7.18-33.56.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python-devel-2.7.18-33.56.1.x86_64",
                "product": {
                  "name": "python-devel-2.7.18-33.56.1.x86_64",
                  "product_id": "python-devel-2.7.18-33.56.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python-gdbm-2.7.18-33.56.1.x86_64",
                "product": {
                  "name": "python-gdbm-2.7.18-33.56.1.x86_64",
                  "product_id": "python-gdbm-2.7.18-33.56.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python-idle-2.7.18-33.56.1.x86_64",
                "product": {
                  "name": "python-idle-2.7.18-33.56.1.x86_64",
                  "product_id": "python-idle-2.7.18-33.56.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python-strict-tls-check-2.7.18-33.56.1.x86_64",
                "product": {
                  "name": "python-strict-tls-check-2.7.18-33.56.1.x86_64",
                  "product_id": "python-strict-tls-check-2.7.18-33.56.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python-tk-2.7.18-33.56.1.x86_64",
                "product": {
                  "name": "python-tk-2.7.18-33.56.1.x86_64",
                  "product_id": "python-tk-2.7.18-33.56.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python-xml-2.7.18-33.56.1.x86_64",
                "product": {
                  "name": "python-xml-2.7.18-33.56.1.x86_64",
                  "product_id": "python-xml-2.7.18-33.56.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpython2_7-1_0-2.7.18-33.56.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython2_7-1_0-2.7.18-33.56.1.x86_64"
        },
        "product_reference": "libpython2_7-1_0-2.7.18-33.56.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpython2_7-1_0-32bit-2.7.18-33.56.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython2_7-1_0-32bit-2.7.18-33.56.1.x86_64"
        },
        "product_reference": "libpython2_7-1_0-32bit-2.7.18-33.56.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-2.7.18-33.56.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-2.7.18-33.56.1.x86_64"
        },
        "product_reference": "python-2.7.18-33.56.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-32bit-2.7.18-33.56.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-32bit-2.7.18-33.56.1.x86_64"
        },
        "product_reference": "python-32bit-2.7.18-33.56.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-base-2.7.18-33.56.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-base-2.7.18-33.56.1.x86_64"
        },
        "product_reference": "python-base-2.7.18-33.56.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-base-32bit-2.7.18-33.56.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-base-32bit-2.7.18-33.56.1.x86_64"
        },
        "product_reference": "python-base-32bit-2.7.18-33.56.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-curses-2.7.18-33.56.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-curses-2.7.18-33.56.1.x86_64"
        },
        "product_reference": "python-curses-2.7.18-33.56.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-demo-2.7.18-33.56.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-demo-2.7.18-33.56.1.x86_64"
        },
        "product_reference": "python-demo-2.7.18-33.56.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-devel-2.7.18-33.56.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-devel-2.7.18-33.56.1.x86_64"
        },
        "product_reference": "python-devel-2.7.18-33.56.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-doc-2.7.18-33.56.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-doc-2.7.18-33.56.1.noarch"
        },
        "product_reference": "python-doc-2.7.18-33.56.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-doc-pdf-2.7.18-33.56.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-doc-pdf-2.7.18-33.56.1.noarch"
        },
        "product_reference": "python-doc-pdf-2.7.18-33.56.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-gdbm-2.7.18-33.56.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-gdbm-2.7.18-33.56.1.x86_64"
        },
        "product_reference": "python-gdbm-2.7.18-33.56.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-idle-2.7.18-33.56.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-idle-2.7.18-33.56.1.x86_64"
        },
        "product_reference": "python-idle-2.7.18-33.56.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-tk-2.7.18-33.56.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-tk-2.7.18-33.56.1.x86_64"
        },
        "product_reference": "python-tk-2.7.18-33.56.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-xml-2.7.18-33.56.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-xml-2.7.18-33.56.1.x86_64"
        },
        "product_reference": "python-xml-2.7.18-33.56.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-12084",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-12084"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython2_7-1_0-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython2_7-1_0-32bit-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-32bit-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-base-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-base-32bit-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-curses-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-demo-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-devel-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-doc-2.7.18-33.56.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-doc-pdf-2.7.18-33.56.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-gdbm-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-idle-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-tk-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-xml-2.7.18-33.56.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-12084",
          "url": "https://www.suse.com/security/cve/CVE-2025-12084"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1254997 for CVE-2025-12084",
          "url": "https://bugzilla.suse.com/1254997"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython2_7-1_0-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython2_7-1_0-32bit-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-32bit-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-base-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-base-32bit-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-curses-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-demo-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-devel-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-doc-2.7.18-33.56.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-doc-pdf-2.7.18-33.56.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-gdbm-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-idle-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-tk-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-xml-2.7.18-33.56.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython2_7-1_0-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython2_7-1_0-32bit-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-32bit-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-base-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-base-32bit-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-curses-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-demo-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-devel-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-doc-2.7.18-33.56.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-doc-pdf-2.7.18-33.56.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-gdbm-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-idle-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-tk-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-xml-2.7.18-33.56.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-16T09:19:41Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-12084"
    },
    {
      "cve": "CVE-2025-13836",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-13836"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython2_7-1_0-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython2_7-1_0-32bit-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-32bit-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-base-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-base-32bit-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-curses-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-demo-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-devel-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-doc-2.7.18-33.56.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-doc-pdf-2.7.18-33.56.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-gdbm-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-idle-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-tk-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-xml-2.7.18-33.56.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-13836",
          "url": "https://www.suse.com/security/cve/CVE-2025-13836"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1254400 for CVE-2025-13836",
          "url": "https://bugzilla.suse.com/1254400"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython2_7-1_0-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython2_7-1_0-32bit-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-32bit-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-base-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-base-32bit-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-curses-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-demo-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-devel-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-doc-2.7.18-33.56.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-doc-pdf-2.7.18-33.56.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-gdbm-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-idle-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-tk-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-xml-2.7.18-33.56.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython2_7-1_0-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython2_7-1_0-32bit-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-32bit-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-base-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-base-32bit-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-curses-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-demo-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-devel-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-doc-2.7.18-33.56.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-doc-pdf-2.7.18-33.56.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-gdbm-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-idle-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-tk-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-xml-2.7.18-33.56.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-16T09:19:41Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-13836"
    },
    {
      "cve": "CVE-2025-8291",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-8291"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The \u0027zipfile\u0027 module would not check the validity of the ZIP64 End of\nCentral Directory (EOCD) Locator record offset value would not be used to\nlocate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be\nassumed to be the previous record in the ZIP archive. This could be abused\nto create ZIP archives that are handled differently by the \u0027zipfile\u0027 module\ncompared to other ZIP implementations.\n\n\nRemediation maintains this behavior, but checks that the offset specified\nin the ZIP64 EOCD Locator record matches the expected value.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython2_7-1_0-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython2_7-1_0-32bit-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-32bit-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-base-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-base-32bit-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-curses-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-demo-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-devel-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-doc-2.7.18-33.56.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-doc-pdf-2.7.18-33.56.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-gdbm-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-idle-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-tk-2.7.18-33.56.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-xml-2.7.18-33.56.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-8291",
          "url": "https://www.suse.com/security/cve/CVE-2025-8291"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1251305 for CVE-2025-8291",
          "url": "https://bugzilla.suse.com/1251305"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython2_7-1_0-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython2_7-1_0-32bit-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-32bit-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-base-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-base-32bit-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-curses-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-demo-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-devel-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-doc-2.7.18-33.56.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-doc-pdf-2.7.18-33.56.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-gdbm-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-idle-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-tk-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-xml-2.7.18-33.56.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython2_7-1_0-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython2_7-1_0-32bit-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-32bit-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-base-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-base-32bit-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-curses-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-demo-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-devel-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-doc-2.7.18-33.56.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-doc-pdf-2.7.18-33.56.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-gdbm-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-idle-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-tk-2.7.18-33.56.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-xml-2.7.18-33.56.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-16T09:19:41Z",
          "details": "low"
        }
      ],
      "title": "CVE-2025-8291"
    }
  ]
}

CVE-2025-13836 (GCVE-0-2025-13836)

Vulnerability from cvelistv5 – Published: 2025-12-01 18:02 – Updated: 2025-12-22 20:03

Title

Excessive read buffering DoS in http.client

Summary

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.

Severity ?

6.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

PSF

References

URL

Tags

	https://github.com/python/cpython/issues/119451	issue-tracking
	https://github.com/python/cpython/pull/119454	patch
	https://github.com/python/cpython/commit/4ce27904…	patch
	https://github.com/python/cpython/commit/5a4c4a03…	patch
	https://mail.python.org/archives/list/security-an…	vendor-advisory
	https://github.com/python/cpython/commit/289f29b0…	patch
	https://github.com/python/cpython/commit/14b1fdb0…	patch

Impacted products

	Vendor	Product	Version
	Python Software Foundation	CPython	Affected: 0 , < 3.13.11 (python) Affected: 3.14.0 , < 3.14.1 (python) Affected: 3.15.0a1 , < 3.15.0a3 (python)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13836",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-01T18:32:37.506031Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-02T18:29:21.886Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "http.client"
          ],
          "product": "CPython",
          "repo": "https://github.com/python/cpython",
          "vendor": "Python Software Foundation",
          "versions": [
            {
              "lessThan": "3.13.11",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            },
            {
              "lessThan": "3.14.1",
              "status": "affected",
              "version": "3.14.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.15.0a3",
              "status": "affected",
              "version": "3.15.0a1",
              "versionType": "python"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS."
            }
          ],
          "value": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-22T20:03:45.491Z",
        "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "shortName": "PSF"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/python/cpython/issues/119451"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/pull/119454"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO/"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/14b1fdb0a94b96f86fc7b86671ea9582b8676628"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Excessive read buffering DoS in http.client",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
    "assignerShortName": "PSF",
    "cveId": "CVE-2025-13836",
    "datePublished": "2025-12-01T18:02:38.483Z",
    "dateReserved": "2025-12-01T17:54:40.759Z",
    "dateUpdated": "2025-12-22T20:03:45.491Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12084 (GCVE-0-2025-12084)

Vulnerability from cvelistv5 – Published: 2025-12-03 18:55 – Updated: 2026-01-14 18:58

Title

Quadratic complexity in node ID cache clearing

Summary

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.

Severity ?

6.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

CWE

CWE-407 - Inefficient Algorithmic Complexity

Assigner

PSF

References

URL

Tags

	https://github.com/python/cpython/pull/142146	patch
	https://github.com/python/cpython/issues/142145	issue-tracking
	https://github.com/python/cpython/commit/08d8e18a…	patch
	https://github.com/python/cpython/commit/027f21e4…	patch
	https://github.com/python/cpython/commit/ddcd2acd…	patch
	https://github.com/python/cpython/commit/27648a18…	patch
	https://github.com/python/cpython/commit/8d2d7bb2…	patch
	https://github.com/python/cpython/commit/9c9dda66…	patch
	https://github.com/python/cpython/commit/a696ba8b…	patch
	https://github.com/python/cpython/commit/41f46878…	patch
	https://github.com/python/cpython/commit/57937a8e…	patch
	https://github.com/python/cpython/commit/e91c1144…	patch

Impacted products

	Vendor	Product	Version
	Python Software Foundation	CPython	Affected: 0 , < 3.13.11 (python) Affected: 3.14.0 , < 3.14.2 (python) Affected: 3.15.0a1 , < 3.15.0a3 (python)

Credits

Jacob Walls Shai Berger Natalia Bidart Seth Larson

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12084",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-03T19:13:23.548683Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-407",
                "description": "CWE-407 Inefficient Algorithmic Complexity",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-03T19:14:59.450Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CPython",
          "repo": "https://github.com/python/cpython",
          "vendor": "Python Software Foundation",
          "versions": [
            {
              "lessThan": "3.13.11",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            },
            {
              "lessThan": "3.14.2",
              "status": "affected",
              "version": "3.14.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.15.0a3",
              "status": "affected",
              "version": "3.15.0a1",
              "versionType": "python"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Jacob Walls"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Shai Berger"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Natalia Bidart"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Seth Larson"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When building nested elements using \u003ccode\u003exml.dom.minidom\u003c/code\u003e methods such as \u003ccode\u003e\u003ccode\u003eappendChild()\u003c/code\u003e\u003c/code\u003e that have a dependency on \u003ccode\u003e_clear_id_cache()\u003c/code\u003e the algorithm is quadratic. Availability can be impacted when building excessively nested documents."
            }
          ],
          "value": "When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-14T18:58:12.978Z",
        "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "shortName": "PSF"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/pull/142146"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/python/cpython/issues/142145"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/27648a1818749ef44c420afe6173af6868715437"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/8d2d7bb2e754f8649a68ce4116271a4932f76907"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/9c9dda6625a2a90d2a06c657eee021d6be19842d"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/a696ba8b4d42fd632afc9bc88ad830a2e4cceed8"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/41f468786762348960486c166833a218a0a436af"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/57937a8e5e293f0dcba5115f7b7a11b1e0c9a273"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/e91c11449cad34bac3ea55ee09ca557691d92b53"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Quadratic complexity in node ID cache clearing",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
    "assignerShortName": "PSF",
    "cveId": "CVE-2025-12084",
    "datePublished": "2025-12-03T18:55:32.222Z",
    "dateReserved": "2025-10-22T16:06:55.078Z",
    "dateUpdated": "2026-01-14T18:58:12.978Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-8291 (GCVE-0-2025-8291)

Vulnerability from cvelistv5 – Published: 2025-10-07 18:10 – Updated: 2025-12-02 17:43

Title

ZIP64 End of Central Directory (EOCD) Locator record offset not checked

Summary

The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations. Remediation maintains this behavior, but checks that the offset specified in the ZIP64 EOCD Locator record matches the expected value.

Severity ?

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE

CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input

Assigner

PSF

References

URL

Tags

	https://github.com/python/cpython/pull/139702	patch
	https://mail.python.org/archives/list/security-an…	vendor-advisory
	https://github.com/python/cpython/issues/139700	issue-tracking
	https://github.com/python/cpython/commit/162997bb…	patch
	https://github.com/python/cpython/commit/333d4a6f…	patch
	https://github.com/python/cpython/commit/1d29afb0…	patch
	https://github.com/python/cpython/commit/76437ac2…	patch
	https://github.com/python/cpython/commit/8392b2f0…	patch
	https://github.com/python/cpython/commit/bca11ae7…	patch
	https://github.com/python/cpython/commit/d11e69d6…	patch

Impacted products

	Vendor	Product	Version
	Python Software Foundation	CPython	Affected: 0 , < 3.9.24 (python) Affected: 3.10.0 , < 3.10.19 (python) Affected: 3.11.0 , < 3.11.14 (python) Affected: 3.12.0 , < 3.12.12 (python) Affected: 3.13.0 , < 3.13.10 (python) Affected: 3.14.0 , < 3.14.1 (python)

Credits

Caleb Brown (Google) Serhiy Storchaka Seth Larson

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8291",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-29T15:15:06.403842Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1285",
                "description": "CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-29T15:15:27.172Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory"
            ],
            "url": "https://github.com/psf/advisory-database/blob/main/advisories/python/PSF-2025-12.json"
          },
          {
            "tags": [
              "technical-description",
              "exploit"
            ],
            "url": "https://github.com/google/security-research/security/advisories/GHSA-hhv7-p4pg-wm6p"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CPython",
          "repo": "https://github.com/python/cpython",
          "vendor": "Python Software Foundation",
          "versions": [
            {
              "lessThan": "3.9.24",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            },
            {
              "lessThan": "3.10.19",
              "status": "affected",
              "version": "3.10.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.11.14",
              "status": "affected",
              "version": "3.11.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.12.12",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.13.10",
              "status": "affected",
              "version": "3.13.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.14.1",
              "status": "affected",
              "version": "3.14.0",
              "versionType": "python"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Caleb Brown (Google)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Serhiy Storchaka"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Seth Larson"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe \u0027zipfile\u0027 module would not check the validity of the ZIP64 End of\nCentral Directory (EOCD) Locator record offset value would not be used to\nlocate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be\nassumed to be the previous record in the ZIP archive. This could be abused\nto create ZIP archives that are handled differently by the \u0027zipfile\u0027 module\ncompared to other ZIP implementations.\u003c/p\u003e\n\u003cp\u003eRemediation maintains this behavior, but checks that the offset specified\nin the ZIP64 EOCD Locator record matches the expected value.\u003c/p\u003e"
            }
          ],
          "value": "The \u0027zipfile\u0027 module would not check the validity of the ZIP64 End of\nCentral Directory (EOCD) Locator record offset value would not be used to\nlocate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be\nassumed to be the previous record in the ZIP archive. This could be abused\nto create ZIP archives that are handled differently by the \u0027zipfile\u0027 module\ncompared to other ZIP implementations.\n\n\nRemediation maintains this behavior, but checks that the offset specified\nin the ZIP64 EOCD Locator record matches the expected value."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-02T17:43:54.139Z",
        "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "shortName": "PSF"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/pull/139702"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/python/cpython/issues/139700"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/1d29afb0d6218aa8fb5e1e4a6133a4778d89bb46"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/76437ac248ad8ca44e9bf697b02b1e2241df2196"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/8392b2f0d35678407d9ce7d95655a5b77de161b4"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/bca11ae7d575d87ed93f5dd6a313be6246e3e388"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/d11e69d6203080e3ec450446bfed0516727b85c3"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "ZIP64 End of Central Directory (EOCD) Locator record offset not checked",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
    "assignerShortName": "PSF",
    "cveId": "CVE-2025-8291",
    "datePublished": "2025-10-07T18:10:05.908Z",
    "dateReserved": "2025-07-28T21:05:06.237Z",
    "dateUpdated": "2025-12-02T17:43:54.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

SUSE-SU-2026:0133-1

CVE-2025-13836 (GCVE-0-2025-13836)

CVE-2025-12084 (GCVE-0-2025-12084)

CVE-2025-8291 (GCVE-0-2025-8291)

Tags

Sightings

Nomenclature