Name | CVE-2024-6232 |
Description | There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
The information below is based on the following data on fixed versions.
Notes
[bookworm] - python3.11 <no-dsa> (Minor issue)
[bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only included to build a few applications)
https://github.com/python/cpython/issues/121285
https://github.com/python/cpython/pull/121286
https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373 (v3.13.0rc2)
https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06 (v3.12.6)
https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf (v3.11.10)
https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4 (v3.10.15)