CVE-2025-13837 — Uncontrolled Resource Consumption in Software Foundation Cpython

CWE-400 — Uncontrolled Resource Consumption CWE-770 — Allocation of Resources Without Limits or Throttling9 documents9 sources

Severity

2.1LOWNVD

EPSS

0.0%

top 89.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Python Software Foundation Cpython Python

Timeline

PublishedDec 1

Latest updateFeb 5

Description

When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N

Affected Packages2 packages

▶NVDpython/python3.14.0 — 3.14.1+2

▶CVEListV5python_software_foundation/cpython3.11.0 — 3.11.15+5

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-qhx6-hpfj-8m4g: When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues↗2025-12-01

▶

CVEList

Out-of-memory when loading Plist↗2025-12-01

▶

OSV

CVE-2025-13837: When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues↗2025-12-01

▶

📋Vendor Advisories

Ubuntu

Python vulnerabilities↗2026-02-05

▶

Microsoft

Out-of-memory when loading Plist↗2025-12-09

▶

Red Hat

cpython: Out-of-memory when loading Plist↗2025-12-01

▶

Debian

CVE-2025-13837: pypy3 - When loading a plist file, the plistlib module reads data in size specified by t...↗2025

▶

💬Community

Bugzilla

CVE-2025-13837 cpython: Out-of-memory when loading Plist↗2025-12-01

▶