Cpython

1 CVEs product

Monthly

CVE-2026-3446 MEDIUM PATCH This Month

CPython's base64.b64decode() function stops processing prematurely after it encounters the first padded quad, so malformed base64 data is accepted that other implementations may interpret differently. This affects CPython 3.13.x before 3.13.13, 3.14.x before 3.14.4, and 3.15.0a1 before 3.15.0a8. Authenticated remote attackers on high-complexity networks could potentially induce information disclosure (CVSS 6.0, EPSS risk level moderate). Upstream fixes are available in tagged commits; users should upgrade to a patched version or pass validate=True to base64.b64decode() for stricter base64 validation.

Information Disclosure Cpython
NVD GitHub VulDB
CVSS 4.0: 6.0
EPSS: 0.1%
