CVE-2024-6232

Published Sep 3, 2024

Last updated 2 months ago

CVSS high 7.5

Overview

Description: There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
Source: cna@python.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-1333
cna@python.org: CWE-1333

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5621585D-59F4-4B27-9980-E7602EA0B750",
            "versionEndIncluding": "3.12.5"
          },
          {
            "criteria": "cpe:2.3:a:python:python:3.13.0:alpha0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BA51E41-D221-431F-870F-536AF2867B50"
          },
          {
            "criteria": "cpe:2.3:a:python:python:3.13.0:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "978582FF-B8F3-479F-AE77-359E9AEE6F23"
          },
          {
            "criteria": "cpe:2.3:a:python:python:3.13.0:alpha2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84E3F62C-7218-4DC3-8473-8A576739643A"
          },
          {
            "criteria": "cpe:2.3:a:python:python:3.13.0:alpha3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1FD15706-B8BC-4801-9F93-06771F2E12C1"
          },
          {
            "criteria": "cpe:2.3:a:python:python:3.13.0:alpha4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FDC359F-E8ED-4777-83FB-1EC63F095CBF"
          },
          {
            "criteria": "cpe:2.3:a:python:python:3.13.0:alpha5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6893BDDE-4D90-4592-8701-C6B3FFEB0CFE"
          },
          {
            "criteria": "cpe:2.3:a:python:python:3.13.0:alpha6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E316F712-F03A-4378-8192-D1640819698B"
          },
          {
            "criteria": "cpe:2.3:a:python:python:3.13.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8566F034-27CB-422E-950B-DCAA926CF64F"
          },
          {
            "criteria": "cpe:2.3:a:python:python:3.13.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EACCE6C3-7701-4966-9D88-E949C82FCA46"
          },
          {
            "criteria": "cpe:2.3:a:python:python:3.13.0:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4853BF2-9C27-465F-9840-5B37013C9F74"
          },
          {
            "criteria": "cpe:2.3:a:python:python:3.13.0:beta4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B266541A-E877-4CAD-A1EF-08A069441F36"
          },
          {
            "criteria": "cpe:2.3:a:python:python:3.13.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8384A34C-50CD-439C-A2BB-DEA6161342C1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References