392 matches found

Tenable Nessus
added 2025/03/06 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2024-8088

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a HIGH severity vulnerability affecting the CPython zipfile module affecting zipfile.Path. Note that the more common API zipfile.ZipFile class is...

CVSS 8.7 | AI score 6.7 | EPSS 0.0023
Exploits 0 | References 4

Tenable Nessus
added 2025/03/05 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2024-0450

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to...

CVSS 6.2 | AI score 6.9 | EPSS 0.00153
Exploits 0 | References 3

OSV
added 2025/03/04 10:18 p.m. | 5 views

CLSA-2025-1741126677 python3.11: Fix of 3 CVEs

CVE-2024-4032: update 'ipaddress' module to correct is_private and is_global properties based on latest IANA information - CVE-2024-6923: properly quote newlines for email headers to prevent header injection - CVE-2024-8088: fix issue causing infinite loop when iterating over names of entries in a...

CVSS 8.7 | AI score 6.8 | EPSS 0.01127
Exploits 0 | References 1

CNVD
added 2025/02/17 12:0 a.m. | 1 views

Google Android Input Validation Malpractice Vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an improper input validation vulnerability in Source of ZipFile.java. No details of the vulnerability are provided at this time...

CVSS 6.5 | AI score 6.3 | EPSS 0.0166
Exploits 0 | References 1

Tenable Nessus
added 2025/02/10 12:0 a.m. | 5 views

Azure Linux 3.0 Security Update: python3 (CVE-2024-0450)

The version of python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-0450 advisory. - An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and...

CVSS 6.2 | AI score 7.1 | EPSS 0.00153
Exploits 0 | References 2

OpenVAS
added 2025/02/05 12:0 a.m. | 9 views

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-1098)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.9 | EPSS 0.00883
Exploits 1 | References 2

OpenVAS
added 2025/02/05 12:0 a.m. | 8 views

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-1111)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.4 | EPSS 0.00883
Exploits 1 | References 2

OSV
added 2025/02/03 9:1 a.m. | 0 views

SUSE-SU-2025:20065-1 Security update for python311

This update for python311 fixes the following issues: - CVE-2024-8088: Fixed a denial of service in zipfile bsc1229704 - CVE-2024-6232: Fixed a ReDos via excessive backtracking while parsing header values bsc1230227 - CVE-2024-7592: Fixed a denial of service in the http.cookies module bsc1229596...

CVSS 8.7 | AI score 6.8 | EPSS 0.03014
Exploits 3 | References 7

SUSE Linux
added 2025/02/03 9:0 a.m. | 1 views

Security update for python311

This update for python311 fixes the following issues: CVE-2024-8088: Fixed a denial of service in zipfile bsc1229704 CVE-2024-6232: Fixed a ReDos via excessive backtracking while parsing header values bsc1230227 CVE-2024-7592: Fixed a denial of service in the http.cookies module bsc1229596 Patch...

CVSS 8.2 | AI score 7.3 | EPSS 0.03014
Exploits 3 | References 12

SUSE Linux
added 2025/02/03 8:50 a.m. | 3 views

Security update for python311, python-rpm-macros

This update for python311, python-rpm-macros fixes the following issues: python311: - CVE-2024-0450: Fixed zipfile module vulnerability with "quoted-overlap" zipbomb bsc1221854 - CVE-2024-4032: Fixed incorrect IPv4 and IPv6 private ranges bsc1226448 - CVE-2024-0397: Fixed memory race condition...

CVSS 7.5 | AI score 10 | EPSS 0.08156
Exploits 2 | References 36

OSV
added 2025/01/28 8:15 p.m. | 3 views

CVE-2024-40673

In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...

CVSS 6.5 | AI score 6.6
Exploits 0 | References 2

OSV
added 2025/01/28 8:15 p.m. | 1 views

UBUNTU-CVE-2024-40673

In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...

CVSS 6.5 | AI score 6.7 | EPSS 0.0166
Exploits 0 | References 4

OSV
added 2025/01/17 3:6 p.m. | 7 views

BIT-PYTHON-MIN-2024-0450 Quoted zip-bomb protection for zipfile

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

CVSS 6.2 | AI score 6.9 | EPSS 0.00153
Exploits 0 | References 19

SQLite
added 2025/01/01 12:0 a.m. | 6 views

SQLite report about CVE-2025-70873

When using the zipfile extension (not a part of standard SQLite but usually included in builds of the CLI), a malformed ZIP file input can result in an out-of-bounds read. Reported by forum post 2025-12-06T16:46:32Z and fixed in trunk by check-in 2025-12-06T23:58:09.413Z...

CVSS 7.5 | AI score 5.8 | EPSS 0.00052
Exploits 1 | Affected Software 1

OSV
added 2024/12/13 12:41 p.m. | 39 views

BIT-PYTHON-2024-0450 Quoted zip-bomb protection for zipfile

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

CVSS 6.2 | AI score 6.9 | EPSS 0.00153
Exploits 0 | References 19

Github Security Blog
added 2024/12/12 3:33 a.m. | 11 views

python-libarchive directory traversal

python-libarchive through 4.2.1 allows directory traversal (to create files) in extract in zip.py for ZipFile.extractall and ZipFile.extract...

CVSS 8.8 | AI score 6.9 | EPSS 0.37338
Exploits 1 | References 5 | Affected Software 1

OSV
added 2024/12/12 2:8 a.m. | 4 views

CVE-2024-55587

python-libarchive through 4.2.1 allows directory traversal (to create files) in extract in zip.py for ZipFile.extractall and ZipFile.extract...

CVSS 8.8 | AI score 6.8
Exploits 0 | References 3

Tenable Nessus
added 2024/12/12 12:0 a.m. | 15 views

EulerOS 2.0 SP11 : python3 (EulerOS-SA-2024-2971)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A defect was discovered in the Python ssl module where there is a memory race condition with the ssl.SSLContext methods cert_store_stats() and...

CVSS 8.7 | AI score 7.1 | EPSS 0.03014
Exploits 4 | References 9

Amazon
added 2024/12/12 12:0 a.m. | 5 views

Medium: python3.11

Issue Overview: The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which...

CVSS 8.7 | AI score 6.5 | EPSS 0.00395
Exploits 1

Tenable Nessus
added 2024/12/12 12:0 a.m. | 18 views

EulerOS 2.0 SP12 : python3 (EulerOS-SA-2024-2957)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: There is a MEDIUM severity vulnerability affecting CPython. The socket module provides a pure-Python fallback to the socket.socketpair function...

CVSS 8.7 | AI score 7.1 | EPSS 0.03014
Exploits 4 | References 9