Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2024-6232HistorySep 03, 2024 - 1:15 p.m.
CVE-2024-6232
2024-09-0313:15:05
Debian Security Bug Tracker
security-tracker.debian.org
5
cpython
vulnerability
tarfile
redos
unix
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
6.9
Confidence
Low
EPSS
0.001
Percentile
44.5%
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 11 | all | python2.7 | <= 2.7.18-8+deb11u1 | python2.7_2.7.18-8+deb11u1_all.deb |
| Debian | 12 | all | python3.11 | <= 3.11.2-6+deb12u2 | python3.11_3.11.2-6+deb12u2_all.deb |
| Debian | 999 | all | python3.12 | < 3.12.6-1 | python3.12_3.12.6-1_all.deb |
| Debian | 13 | all | python3.12 | < 3.12.6-1 | python3.12_3.12.6-1_all.deb |
| Debian | 999 | all | python3.13 | < 3.13.0~rc2-1 | python3.13_3.13.0~rc2-1_all.deb |
| Debian | 13 | all | python3.13 | < 3.13.0~rc2-1 | python3.13_3.13.0~rc2-1_all.deb |
| Debian | 11 | all | python3.9 | <= 3.9.2-1 | python3.9_3.9.2-1_all.deb |
Related
fedora
fedora
[SECURITY] Fedora 40 Update: python3.6-3.6.15-37.fc40
2024-09-12 01:28:50
[SECURITY] Fedora 41 Update: python3.13-3.13.0~rc2-1.fc41
2024-09-16 00:15:48
[SECURITY] Fedora 41 Update: python3-docs-3.13.0~rc2-1.fc41
2024-09-16 00:15:48
alpinelinux
alpinelinux
CVE-2024-6232
2024-09-03 13:15:05
nessus
nessus
Fedora 39 : python3.6 (2024-7dc0f381f1)
2024-09-19 00:00:00
Fedora 40 : python3.6 (2024-02027448d8)
2024-09-12 00:00:00
Fedora 39 : python3.13 (2024-f2fc325c40)
2024-09-17 00:00:00
osv
osv
CGA-f7mv-c5gc-96cg
2024-09-06 16:19:48
CGA-9w4w-94rw-h33x
2024-09-11 20:19:57
PSF-2024-11
2024-09-03 12:29:00
redhatcve
redhatcve
CVE-2024-6232
2024-09-03 20:40:35
vulnrichment
vulnrichment
CVE-2024-6232 Regular-expression DoS when parsing TarFile headers
2024-09-03 12:29:00
openvas
openvas
Fedora: Security Advisory (FEDORA-2024-02027448d8)
2024-09-12 00:00:00
Fedora: Security Advisory (FEDORA-2024-7dc0f381f1)
2024-09-19 00:00:00
Fedora: Security Advisory (FEDORA-2024-1d0cb3b43f)
2024-09-16 00:00:00
wolfi
wolfi
CVE-2024-6232 vulnerabilities
2024-09-19 21:18:36
cvelist
cvelist
CVE-2024-6232 Regular-expression DoS when parsing TarFile headers
2024-09-03 12:29:00
nvd
nvd
CVE-2024-6232
2024-09-03 13:15:05
cve
cve
CVE-2024-6232
2024-09-03 13:15:05
slackware
slackware
[slackware-security] python3
2024-09-09 01:06:11
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
6.9
Confidence
Low
EPSS
0.001
Percentile
44.5%
Related for DEBIANCVE:CVE-2024-6232