[3.11] gh-145986: Avoid unbound C recursion in `conv_content_model` in `pyexpat.c` (CVE 2026-4224) (GH-145987) (#146000)
* [3.11] gh-145986: Avoid unbound C recursion in `conv_content_model` in `pyexpat.c` (CVE 2026-4224) (GH-145987) Fix C stack overflow (CVE-2026-4224) when an Expat parser with a registered `ElementDeclHandler` parses inline DTD containing deeply nested content model. --------- (cherry picked from commit eb0e8be3a7e11b87d198a2c3af1ed0eccf532768) (cherry picked from commit e5caf45faac) Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com> Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com> * Update Misc/NEWS.d/next/Security/2026-03-14-17-31-39.gh-issue-145986.ifSSr8.rst --------- Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
S
Stan Ulbrych committed
642865ddf4b232da1f3b1f7abcfa3254c4bfe785
Parent: 0d046de
Committed by GitHub <noreply@github.com>
on 4/8/2026, 10:27:39 AM