Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.MARINER_CVE-2024-8088.NASLHistorySep 27, 2024 - 12:00 a.m.
CBL Mariner 2.0 Security Update: python3 (CVE-2024-8088)
2024-09-2700:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
2
CVSS4
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:N/S:N/AU:N/R:U/RE:L
AI Score
7.1
Confidence
High
The version of python3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-8088 advisory.
- There is a HIGH severity vulnerability affecting the CPython zipfile module affecting zipfile.Path.
Note that the more common API zipfile.ZipFile class is unaffected. When iterating over names of entries in a zip archive (for example, methods of zipfile.Path like namelist(), iterdir(), etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user- controlled zip archives are not affected. (CVE-2024-8088)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
File data mariner_CVE-2024-8088.naslRelated
cvelist
cvelist
debiancve
debiancve
CVE-2024-8088
2024-08-22 19:15:09
openvas
openvas
Python Infinite Loop Vulnerability (Aug 2024) - Mac OS X
2024-08-28 00:00:00
Fedora: Security Advisory (FEDORA-2024-dab2a69be9)
2024-09-10 00:00:00
Fedora: Security Advisory (FEDORA-2024-985017d277)
2024-09-10 00:00:00
fedora
fedora
[SECURITY] Fedora 40 Update: python3.11-3.11.9-6.fc40
2024-08-31 02:04:16
[SECURITY] Fedora 39 Update: python3.13-3.13.0~rc1-3.fc39
2024-09-06 03:53:34
[SECURITY] Fedora 40 Update: python3.13-3.13.0~rc2-1.fc40
2024-09-12 01:28:47
osv
osv
python313-3.13.0~rc1-3.1 on GA media
2024-08-30 00:00:00
CGA-8x7f-rg65-f966
2024-09-25 05:18:11
CVE-2024-8088
2024-08-22 19:15:09
redos
redos
ROS-20240904-07
2024-09-04 00:00:00
redhatcve
redhatcve
CVE-2024-8088
2024-08-22 23:09:44
alpinelinux
alpinelinux
CVE-2024-8088
2024-08-22 19:15:09
nessus
nessus
Fedora 40 : python3.11 (2024-985017d277)
2024-08-31 00:00:00
Fedora 39 : python3.11 (2024-dab2a69be9)
2024-09-06 00:00:00
Fedora 40 : python3.12 (2024-afba3b5902)
2024-09-03 00:00:00
cve
cve
CVE-2024-8088
2024-08-22 19:15:09
wolfi
wolfi
CVE-2024-8088 vulnerabilities
2024-09-28 03:12:04
nvd
nvd
CVE-2024-8088
2024-08-22 19:15:09
vulnrichment
vulnrichment
cbl_mariner
cbl_mariner
CVE-2024-8088 affecting package python3 for versions less than 3.9.19-5
2024-09-26 19:15:25
ubuntucve
ubuntucve
CVE-2024-8088
2024-08-22 00:00:00
oraclelinux
oraclelinux
python3.11 security update
2024-09-24 00:00:00
python3.12 security update
2024-09-24 00:00:00
python39:3.9 and python39-devel:3.9 security update
2024-08-29 00:00:00
almalinux
almalinux
Moderate: python3.12 security update
2024-09-24 00:00:00
Moderate: python3.11 security update
2024-09-24 00:00:00
Moderate: python39:3.9 and python39-devel:3.9 security update
2024-08-28 00:00:00
redhat
redhat
(RHSA-2024:6961) Moderate: python3.12 security update
2024-09-24 00:02:56
(RHSA-2024:6962) Moderate: python3.11 security update
2024-09-24 00:02:58
mageia
mageia
Updated python3 packages fix security vulnerabilities
2024-09-27 04:30:52
slackware
slackware
[slackware-security] python3
2024-09-09 01:06:11
CVSS4
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:N/S:N/AU:N/R:U/RE:L
AI Score
7.1
Confidence
High
Related for MARINER_CVE-2024-8088.NASL