CVE-2024-6232

CVSS V2 None CVSS V3 None

Description

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.

Overview

CVE ID
CVE-2024-6232

Assigner
PSF

Vulnerability Status
PUBLISHED

Published Version
2024-09-03T12:29:00.102Z

Last Modified Date
2024-09-03T20:02:40.422Z

Weakness Enumerations

CWE	URL
CWE-1333	http://cwe.mitre.org/data/definitions/1333.html

References

Reference URL	Reference Tags
https://github.com/python/cpython/pull/121286	patch
https://github.com/python/cpython/issues/121285	issue-tracking
https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/	vendor-advisory
https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06	patch
https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4	patch
https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf	patch
https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373	patch

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-6232
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6232

History

Created	Old Value	New Value	Data Type	Notes
2024-09-04 13:06:13				Added to TrackCVE