What is CVE-2022-48564?

CVE-2022-48564 is a vulnerability in Python through 3.9.1 that can lead to a potential denial-of-service (DoS) attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.

How does CVE-2022-48564 affect Python?

CVE-2022-48564 affects Python versions up to and including 3.9.1.

What is the severity level of CVE-2022-48564?

The severity level of CVE-2022-48564 is medium with a CVSS score of 6.5.

How can I mitigate the impact of CVE-2022-48564?

To mitigate the impact of CVE-2022-48564, it is recommended to update Python to version 3.9.2 or later.

Where can I find more information about CVE-2022-48564?

More information about CVE-2022-48564 can be found at the following references: [Link 1](https://bugs.python.org/issue42103), [Link 2](https://security.netapp.com/advisory/ntap-20230929-0009/).

Vulnerability/
CVE-2022-48564

medium

6.5

CWE

400

22/8/2023

3/8/2024

CVE-2022-48564

First published: Tue Aug 22 2023(Updated: )

Last updated 24 July 2024

Credit: cve@mitre.org cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Python Python	<3.7.7
Python Python	>=3.8.0<3.8.2
Python Python	>=3.9.0<3.9.1
Python Python	=3.10.0-alpha1
redhat/python	<3.10.0	3.10.0
redhat/python	<3.9.1	3.9.1
redhat/python	<3.8.7	3.8.7
redhat/python	<3.7.10	3.7.10
redhat/python	<3.6.13	3.6.13
Python Python	<3.6.13
Python Python	>=3.7.0<3.7.10
Python Python	>=3.8.0<3.8.7
Netapp Active Iq Unified Manager Vmware Vsphere
Netapp Active Iq Unified Manager Windows
IBM QRadar SIEM	<=7.5 - 7.5.0 UP8 IF01
debian/pypy3		7.3.5+dfsg-2+deb11u2 7.3.5+dfsg-2+deb11u3 7.3.11+dfsg-2+deb12u2 7.3.17+dfsg-2
debian/python2.7		2.7.18-8+deb11u1
debian/python3.9		3.9.2-1

Remedy

https://bugs.python.org/issue42103

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7150684

Frequently Asked Questions

What is CVE-2022-48564?
CVE-2022-48564 is a vulnerability in Python through 3.9.1 that can lead to a potential denial-of-service (DoS) attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.
How does CVE-2022-48564 affect Python?
CVE-2022-48564 affects Python versions up to and including 3.9.1.
What is the severity level of CVE-2022-48564?
The severity level of CVE-2022-48564 is medium with a CVSS score of 6.5.
How can I mitigate the impact of CVE-2022-48564?
To mitigate the impact of CVE-2022-48564, it is recommended to update Python to version 3.9.2 or later.
Where can I find more information about CVE-2022-48564?
More information about CVE-2022-48564 can be found at the following references: [Link 1](https://bugs.python.org/issue42103), [Link 2](https://security.netapp.com/advisory/ntap-20230929-0009/).

collector/nvd-index
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
agent/remedy
agent/weakness
agent/author
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2022-48564
agent/software-canonical-lookup
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-api
collector/ibm-support
source/IBM
agent/severity
agent/description
agent/references
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/event
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/usn-cve
source/Ubuntu
vendor/python
canonical/python python
version/python python/3.8.0
version/python python/3.9.0
version/python python/3.10.0-alpha1
package-manager/redhat
version/python python/3.7.0
vendor/netapp
canonical/netapp active iq unified manager vmware vsphere
canonical/netapp active iq unified manager windows
vendor/ibm
canonical/ibm qradar siem
version/ibm qradar siem/7.5 - 7.5.0 up8 if01
package-manager/debian