7.5

CVE-2024-6232

Exploit

There is a MEDIUM severity vulnerability affecting CPython.





Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.

Data is provided by the National Vulnerability Database (NVD)
PythonPython Version < 3.8.20
PythonPython Version >= 3.9.0 < 3.9.20
PythonPython Version >= 3.10.0 < 3.10.15
PythonPython Version >= 3.11.0 < 3.11.10
PythonPython Version >= 3.12.0 < 3.12.6
PythonPython Version3.13.0 Updatealpha0
PythonPython Version3.13.0 Updatealpha1
PythonPython Version3.13.0 Updatealpha2
PythonPython Version3.13.0 Updatealpha3
PythonPython Version3.13.0 Updatealpha4
PythonPython Version3.13.0 Updatealpha5
PythonPython Version3.13.0 Updatealpha6
PythonPython Version3.13.0 Updatebeta1
PythonPython Version3.13.0 Updatebeta2
PythonPython Version3.13.0 Updatebeta3
PythonPython Version3.13.0 Updatebeta4
PythonPython Version3.13.0 Updaterc1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.55% 0.808
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-1333 Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.