Muaj qhov tsis zoo (CVE-2026-6100) tau pom nyob rau hauv cov chav kawm decompression ntawm cov ntaub ntawv lzma, bz2, thiab gzip compressed (lzma.LZMADecompressor, bz2.BZ2Decompressor, thiab gzip.GzipFile) uas muab nrog CPython. Qhov tsis zoo no ua rau muaj kev nkag mus rau hauv lub cim xeeb tom qab dawb. Qhov teeb meem tau raug muab qib hnyav heev (9.1 ntawm 10). Yog tias siv tau zoo, nws tuaj yeem ua rau cov ntaub ntawv xau los ntawm lub cim xeeb txheej txheem lossis kev ua haujlwm ntawm tus neeg tawm tsam thaum decompressing cov ntaub ntawv tsim tshwj xeeb. Kev kho tam sim no muaj nyob rau hauv daim ntawv kho.
Qhov teeb meem no tshwm sim tom qab kev ua haujlwm faib lub cim xeeb ua tiav nrog qhov yuam kev tawm ntawm lub cim xeeb (kom siv tau qhov tsis zoo no, tus neeg tawm tsam yuav tsum tsim cov xwm txheej uas siv lub cim xeeb ntawm cov txheej txheem tag). Kev nkag mus rau lub cim xeeb uas twb tau tso tawm lawm tshwm sim hauv cov ntawv thov uas rov siv dua ib qho piv txwv tom qab muaj qhov yuam kev rov qab los thaum lub sijhawm unpacking. Cov ntawv thov uas tsim ib qho piv txwv tshiab nrog txhua qhov kev hu tsis yog qhov tsis zoo.
Tau qhov twg los: opennet.ru
