Lucene search
K

5 matches found

NVD
NVD
added 6 days ago7 views

CVE-2026-55206

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, PackInfo.read in archiveinfo.py used an On^2 cumulative sum pattern for attacker-controlled numstreams values parsed from archive headers, allowing a crafted...

8.7CVSS0.00321EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-55206 py7zr: O(n^2) algorithmic complexity DoS in PackInfo._read()

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, PackInfo.read in archiveinfo.py used an On^2 cumulative sum pattern for attacker-controlled numstreams values parsed from archive headers, allowing a crafted...

8.7CVSS0.00321EPSS
Exploits0References3
CVE
CVE
added 6 days ago18 views

CVE-2026-55206

CVE-2026-55206 (py7zr) affects the Python-based 7z library py7zr. The root cause is an O(n^2) cumulative-sum implementation in PackInfo._read() (archiveinfo.py) that parses attacker-controlled numstreams from archive headers. This causes excessive CPU usage during SevenZipFile.init() before extra...

8.7CVSS5.9AI score0.00321EPSS
Exploits0References3
OSV
OSV
added 2026/06/19 9:16 p.m.7 views

GHSA-H4GH-22QQ-72R7 py7zr: O(n^2) algorithmic complexity DoS in PackInfo._read()

Summary PackInfo.read uses an On^2 cumulative sum pattern where numstreams is read directly from the archive header. A crafted .7z archive with a large numstreams value causes excessive CPU consumption during SevenZipFile.init — no extraction is needed. A 50 KB archive takes 7 seconds of CPU time...

6.9CVSS5.8AI score0.00321EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/19 9:16 p.m.6 views

Inefficient Algorithmic Complexity

Overview py7zr is a Pure python 7-zip library Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the PackInfo.read function. An attacker can cause excessive CPU consumption by providing a crafted archive with a large number of streams, leading to...

8.7CVSS5.9AI score0.00321EPSS
Exploits0References2
Rows per page
Query Builder