NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-3276

Summary	unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms.
Publication Date	June 4, 2026, 1:16 a.m.
Registration Date	June 4, 2026, 4:16 a.m.
Last Update	June 5, 2026, 3:16 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/python/cpython/commit/6b505d1f41f8f3ea0fe5a4786d3a8fff1875cfc0	cna@python.org
2	https://github.com/python/cpython/commit/991224b1e8311c85f198f6dd8208bf8cff7fc26f	cna@python.org
3	https://github.com/python/cpython/commit/ba785b88add96acbf403d65cb157fb2743a33a32	cna@python.org
4	https://github.com/python/cpython/commit/c5512bd7c1dc28055660565275012766941d3066	cna@python.org
5	https://github.com/python/cpython/issues/149079	cna@python.org
6	https://github.com/python/cpython/pull/149080	cna@python.org
7	https://mail.python.org/archives/list/security-announce@python.org/thread/PP5HB4K7727OBBM76KA2ILID76K3OZGZ/	cna@python.org
8	http://www.openwall.com/lists/oss-security/2026/06/03/15	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-407	アルゴリズムの複雑性	https://cwe.mitre.org/data/definitions/407.html