Author vstinner
Recipients christian.heimes, rschiron, vstinner
Date 2020-01-15.10:12:31
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
Is this issue a duplicate of bpo-36260 "[security] CVE-2019-9674: Zip Bomb vulnerability" which has been closed by documenting the issue (without touching

The zipfile documentation now contains an explicit warning against ZIP bombs:

Resources limitations

The lack of memory or disk volume would lead to decompression failed. For example, decompression bombs (aka ZIP bomb) apply to zipfile library that can cause disk volume exhaustion.

Note: bpo-36462 "CVE-2019-9674 : zip bomb vulnerability in Lib/" was closed as duplicate of bpo-36260.
Date User Action Args
2020-01-15 10:12:31vstinnersetrecipients: + vstinner, christian.heimes, rschiron
2020-01-15 10:12:31vstinnersetmessageid: <>
2020-01-15 10:12:31vstinnerlinkissue39341 messages
2020-01-15 10:12:31vstinnercreate