FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Python -- configparser vulnerable to excessive CPU use

Affected packages
0	<=	python310
0	<=	python311
0	<=	python312
0	<=	python313
		python314	<	3.14.4

Details

VuXML ID	5ec4dcf6-3588-11f1-b51c-6dd25bec137b
Discovery	2026-03-23
Entry	2026-04-12

Stan Ulbrych reports:

configparser.RawConfigParser.{OPTCRE,OPTCRE_NV} regexes [are] vulnerable to quadratic backtracking.

[source]

References

URL	https://github.com/python/cpython/issues/146333

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.