CVE-2024-8088 Infinite loop when iterating over zip archive entry names from zipfile.Path

🗓️ 22 Aug 2024 18:45:31Reported by PSFType

CVE-2024-8088 Infinite loop in "zipfile" modul

Reporter	Title	Published	Views	Family All 367
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Rapid Infrastructure Automation	28 May 202514:39	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	15 Mar 202500:18	–	ibm
IBM Security Bulletins	Security Bulletin: AIX is affected by multiple vulnerabilities due to Python	5 Nov 202422:07	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Python CPython affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.	28 Mar 202515:53	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities in Python.	6 Mar 202522:37	–	ibm
Tenable Nessus	Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2024-788)	11 Dec 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2024-790)	16 Dec 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2 : python38 (ALASPYTHON3.8-2024-016)	13 Nov 202400:00	–	nessus
Tenable Nessus	AlmaLinux 8 : python39:3.9 and python39-devel:3.9 (ALSA-2024:5962)	29 Aug 202400:00	–	nessus
Tenable Nessus	AlmaLinux 8 : python3.12 (ALSA-2024:6961)	25 Sep 202400:00	–	nessus

[
  {
    "defaultStatus": "unaffected",
    "product": "CPython",
    "repo": "https://github.com/python/cpython",
    "vendor": "Python Software Foundation",
    "versions": [
      {
        "lessThan": "3.8.20",
        "status": "affected",
        "version": "0",
        "versionType": "python"
      },
      {
        "lessThan": "3.9.20",
        "status": "affected",
        "version": "3.9.0",
        "versionType": "python"
      },
      {
        "lessThan": "3.10.15",
        "status": "affected",
        "version": "3.10.0",
        "versionType": "python"
      },
      {
        "lessThan": "3.11.10",
        "status": "affected",
        "version": "3.11.0",
        "versionType": "python"
      },
      {
        "lessThan": "3.12.6",
        "status": "affected",
        "version": "3.12.0",
        "versionType": "python"
      },
      {
        "lessThan": "3.13.0rc2",
        "status": "affected",
        "version": "3.13.0a1",
        "versionType": "python"
      }
    ]
  }
]

Source	Link
github	www.github.com/python/cpython/commit/0aa1ee22ab6e204e9d3d0e9dd63ea648ed691ef1
github	www.github.com/python/cpython/issues/122905
github	www.github.com/python/cpython/issues/123270
github	www.github.com/python/cpython/commit/962055268ed4f2ca1d717bfc8b6385de50a23ab7
github	www.github.com/python/cpython/commit/fc0b8259e693caa8400fa8b6ac1e494e47ea7798
mail	www.mail.python.org/archives/list/[email protected]/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/
github	www.github.com/python/cpython/commit/e0264a61119d551658d9445af38323ba94fc16db
github	www.github.com/python/cpython/commit/7e8883a3f04d308302361aeffc73e0e9837f19d4
github	www.github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64
github	www.github.com/python/cpython/pull/122906

07 Oct 2025 18:23Current

CVSS 48.7

EPSS0.01275

CWE-835