6.2
CVE-2024-0450
- EPSS 0.19%
- Published 19.03.2024 16:15:09
- Last modified 11.04.2025 22:15:28
- Source cna@python.org
- Teams watchlist Login
- Open Login
An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Vendorpython
≫
Product
cpython
Default Statusunknown
Version <
3.8.18
Version
0
Status
affected
Version
3.9.18
Status
affected
Version
3.10.13
Status
affected
Version
3.11.7
Status
affected
Version
3.12.1
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.414 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| cna@python.org | 6.2 | 2.5 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-405 Asymmetric Resource Consumption (Amplification)
The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is "asymmetric."