CVE-2024-3772

Name: CVE-2024-3772
Description: Regular expression denial of service (ReDoS) in pydantic before 2.4.0 and before 1.10.13 allows a remote attacker to cause a denial of service via a crafted email string.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package    Release       Version       Status
pydantic (PTS)    bullseye      1.7.4-1       vulnerable
                  bookworm      1.10.4-1      vulnerable
                  sid, trixie   2.9.2-2       fixed

The information below is based on the following data on fixed versions.

Package    Type     Release      Fixed Version   Urgency   Origin   Debian Bugs
pydantic   source   (unstable)   1.10.13-0.1
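
As a practical check against the version ranges stated in the description, the following Python is an added example for this tracker entry; it is not code from Debian or the pydantic project. It encodes only the two fixed versions the CVE text names (2.4.0 on the 2.x line, 1.10.13 on the 1.x line) and classifies either a Debian package version such as those in the tables above or the pydantic found in the current interpreter's package metadata. The Debian epoch/revision splitting and the pre-release ordering are the example's own assumptions, not data from the tracker.

```python
"""Version check for CVE-2024-3772 (ReDoS in pydantic email validation).

Added example for this tracker entry, not code from Debian or the pydantic
project. It encodes only the ranges the CVE text states: fixed in 2.4.0 on
the 2.x line and in 1.10.13 on the 1.x line. Input may be a plain upstream
version ("2.3.0", "2.4.0b1") or a Debian package version with epoch and
revision ("1:1.10.13-0.1"); the Debian parts are stripped before comparing.
"""
import re
from importlib.metadata import PackageNotFoundError, version as installed_version
from typing import Optional, Tuple

# First fixed upstream release per major line, taken from the CVE description.
# Tuples are (major, minor, patch, pre) so a pre-release (pre = -1) sorts
# below the final release (pre = 0).
FIXED_VERSIONS = {
    1: (1, 10, 13, 0),
    2: (2, 4, 0, 0),
}

# Debian version: [epoch:]upstream[-revision]. The split is at the LAST
# hyphen, as Debian policy requires (upstream may itself contain hyphens
# only when a revision is present). Assumption of this example.
_DEBIAN_VERSION = re.compile(
    r"^(?:(?P<epoch>\d+):)?(?P<upstream>.+?)(?:-(?P<revision>[^-]+))?$"
)
_UPSTREAM = re.compile(
    r"^(?P<major>\d+)(?:\.(?P<minor>\d+))?(?:\.(?P<patch>\d+))?(?P<tail>.*)$"
)
# Tails that mark a pre-release ('2.4.0b1', '2.4.0.dev1', Debian-style
# '2.4.0~rc1'). Anything else ('+dfsg', '.post1') counts as the release itself.
_PRE_RELEASE = re.compile(r"^[.~]?(a|b|c|rc|alpha|beta|pre|preview|dev)\d*", re.IGNORECASE)


def upstream_version(pkg_version: str) -> str:
    """Strip a Debian epoch and revision: '1:1.10.13-0.1' -> '1.10.13'."""
    m = _DEBIAN_VERSION.match(pkg_version.strip())
    if not m:
        raise ValueError(f"not a version string: {pkg_version!r}")
    return m.group("upstream")


def parse_version(upstream: str) -> Tuple[int, int, int, int]:
    """Return (major, minor, patch, pre); pre is -1 for a pre-release, else 0.

    '2.4.0' -> (2, 4, 0, 0); '2.4.0b1' -> (2, 4, 0, -1); '1.10' -> (1, 10, 0, 0).
    """
    m = _UPSTREAM.match(upstream)
    if not m:
        raise ValueError(f"no numeric version in {upstream!r}")
    pre = -1 if _PRE_RELEASE.match(m.group("tail")) else 0
    return (
        int(m.group("major")),
        int(m.group("minor") or 0),
        int(m.group("patch") or 0),
        pre,
    )


def is_vulnerable(pkg_version: str) -> bool:
    """True if the version falls inside the ranges named in CVE-2024-3772."""
    v = parse_version(upstream_version(pkg_version))
    major = v[0]
    if major in FIXED_VERSIONS:
        return v < FIXED_VERSIONS[major]
    # Lines the advisory does not name: anything below 1.x is older than
    # 1.10.13 and therefore in range; anything above 2.x is outside both ranges.
    return major < 1


def installed_status() -> Optional[Tuple[str, bool]]:
    """(version, vulnerable) for the pydantic installed in this interpreter,
    or None if it is not installed. Reads package metadata only; pydantic
    itself is never imported, so no validator code runs."""
    try:
        v = installed_version("pydantic")
    except PackageNotFoundError:
        return None
    return v, is_vulnerable(v)


if __name__ == "__main__":
    # The rows from the tracker tables above, re-derived from the CVE ranges.
    for row in ("1.7.4-1", "1.10.4-1", "2.9.2-2", "1.10.13-0.1"):
        print(f"{row:14} {'vulnerable' if is_vulnerable(row) else 'fixed'}")
    print("installed pydantic:", installed_status())
```

Run as a script it re-derives the four statuses in the tables above from the CVE ranges alone, then reports the locally installed pydantic, which is the check to run on a host before deciding whether the no-dsa note below applies to it.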

Notes

[bookworm] - pydantic <no-dsa> (Minor issue)
[bullseye] - pydantic <no-dsa> (Minor issue)
https://github.com/pydantic/pydantic/pull/7360
https://github.com/pydantic/pydantic/commit/e4393ae6145c4dadff739990bb0116c6dec3441b (v2.4.0)
https://github.com/pydantic/pydantic/pull/7673
https://github.com/pydantic/pydantic/commit/59d8f38fd6220e3917c53785dbc70317d6f8e631 (v1.10.13)
