CVSS4
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:N/S:N/AU:N/R:U/RE:L
AI Score
Confidence: High
EPSS
Percentile: 17.8%
A flaw was found in Python’s zipfile module. When iterating over the entries of a zip archive, the process can enter an infinite loop and become unresponsive. An attacker can exploit this flaw with a crafted malicious ZIP archive, causing a denial of service in the application that uses the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
bugzilla.redhat.com/show_bug.cgi?id=2307370
github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e
github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64
github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea
github.com/python/cpython/issues/122905
github.com/python/cpython/pull/122906
mail.python.org/archives/list/[email protected]/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/
nvd.nist.gov/vuln/detail/CVE-2024-8088
www.cve.org/CVERecord?id=CVE-2024-8088