Description
py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, PackInfo._read() in archiveinfo.py used an O(n^2) cumulative sum pattern for attacker-controlled numstreams values parsed from archive headers, allowing a crafted .7z archive to cause excessive CPU consumption during SevenZipFile.init() before extraction. This issue is fixed in version 1.1.3.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-h4gh-22qq-72r7 | py7zr: O(n^2) algorithmic complexity DoS in PackInfo._read() |
References
History
Wed, 08 Jul 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Miurahr
Miurahr py7zr |
|
| Vendors & Products |
Miurahr
Miurahr py7zr |
Wed, 08 Jul 2026 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, PackInfo._read() in archiveinfo.py used an O(n^2) cumulative sum pattern for attacker-controlled numstreams values parsed from archive headers, allowing a crafted .7z archive to cause excessive CPU consumption during SevenZipFile.init() before extraction. This issue is fixed in version 1.1.3. | |
| Title | py7zr: O(n^2) algorithmic complexity DoS in PackInfo._read() | |
| Weaknesses | CWE-407 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-08T20:32:09.905Z
Reserved: 2026-06-16T16:16:32.627Z
Link: CVE-2026-55206
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-08T21:30:08Z
Weaknesses
-
CWE-407
Inefficient Algorithmic Complexity
Github GHSA