[Python-Dev] XML DoS vulnerabilities and exploits in Python
Antoine Pitrou
solipsis at pitrou.net
Thu Feb 21 08:42:46 CET 2013
On Thu, 21 Feb 2013 02:29:08 -0500
Tres Seaver <tseaver at palladion.com> wrote:
>
> Antoine,
>
> A single, small,, malicious XML file can kill a machine (not just the
> process parsing it) by sucking all available RAM. We are talking hard
> lockup, reboot-to-fix-it sorts of DOC here.
Sure, but in many instances, rebooting a machine is not
business-threatening. You will have a couple of minutes' downtime and
that's all. Which is why the attack must be repeated many times to be a
major annoyance.
Regards
Antoine.
More information about the Python-Dev
mailing list