Python 'zipfile' Module Vulnerability (Oct 2025) - Windows

Python is prone to a vulnerability in the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; ifdescription...

AZL-68318 CVE-2025-8291 affecting package python3 for versions less than 3.12.9-5

The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create Z...

CVE-2025-8291

The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create Z...

DEBIAN-CVE-2025-8291

The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create Z...

PSF-2025-12

The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create Z...

Improper Handling of Length Parameter Inconsistency

Overview Affected versions of this package are vulnerable to Improper Handling of Length Parameter Inconsistency in the zipfile module when the End of Central Directory EOCD Locator record offset is not properly validated. An attacker can modify a crafted ZIP archive to cause incorrect file...

EUVD-2024-16245

Malicious code in bioql PyPI...

EUVD-2024-48931

Malicious code in bioql PyPI...

EUVD-2022-0117

Malicious code in bioql PyPI...

EUVD-2024-2374

Malicious code in bioql PyPI...

USN-7015-7 python2.7 regression

USN-7015-4 fixed vulnerabilities in Python. It was discovered that the fix for CVE-2023-27043 for python2.7 was incorrectly applied on Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the...

Linux Distros Unpatched Vulnerability : CVE-2024-40673

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input...

BIT-LIBPHP-2020-7068 Use of freed hash key in the phar_parse_zipfile function

In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, pharparsezipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure...

BIT-LIBPYTHON-2024-8088 Infinite loop when iterating over zip archive entry names from zipfile.Path

There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive for example, methods of "zipfile.Path" like "namelist", "iterdir", etc...

BIT-LIBPYTHON-2024-0450 Quoted zip-bomb protection for zipfile

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

NewStart CGSL MAIN 7.02 : python3.11 Multiple Vulnerabilities (NS-SA-2025-0109)

The remote NewStart CGSL host, running version MAIN 7.02, has python3.11 packages installed that are affected by multiple vulnerabilities: - A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly,...

Security Bulletin: IBM Storage Ceph is vulnerable to zip-bombs leading to denial of service in the RHEL UBI (CVE-2024-0450)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2024-0450 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2024-0450 DESCRIPTION: An issue was found in the CPython zipfile module affecting...

TencentOS Server 3: python3 (TSSA-2024:0294)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0294 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 4: python3.12 (TSSA-2024:0711)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0711 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 4: python3.11 (TSSA-2024:0947)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0947 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...