
392 matches found

OSV
added 2024/03/19 4:15 p.m. · 2 views

ALPINE-CVE-2024-0450

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

CVSS 6.2 · AI score 6.7 · EPSS 0.00153
Exploits 0 · References 1
OSV
added 2024/03/19 4:15 p.m. · 0 views

AZL-42573 CVE-2024-0450 affecting package python3 for versions less than 3.12.3-1

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

CVSS 6.2 · AI score 6.7 · EPSS 0.00153
Exploits 0 · References 1
NVD
added 2024/03/19 4:15 p.m. · 20 views

CVE-2024-0450

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

CVSS 6.2 · AI score 6.4 · EPSS 0.00153
Exploits 0 · References 18
OSV
added 2024/03/19 4:15 p.m. · 2 views

DEBIAN-CVE-2024-0450

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

CVSS 6.2 · AI score 6.9 · EPSS 0.00153
Exploits 0 · References 1
UbuntuCve
added 2024/03/19 4:15 p.m. · 26 views

CVE-2024-0450

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

CVSS 6.2 · AI score 6.8 · EPSS 0.00153
Exploits 0 · References 5
OSV
added 2024/03/19 4:15 p.m. · 1 view

UBUNTU-CVE-2024-0450

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

CVSS 6.2 · AI score 6.7 · EPSS 0.00153
Exploits 0 · References 6
CVE
added 2024/03/19 3:12 p.m. · 418 views

CVE-2024-0450

The CVE-2024-0450 issue affects the CPython zipfile module across multiple releases (3.12.1, 3.11.7, 3.10.13, 3.9.18, 3.8.18 and earlier). It exploits the zip format via “quoted-overlap” zip-bombs, where crafted archives with overlapping entries can cause excessive processing. The fixed CPython r...

CVSS 6.2 · AI score 7 · EPSS 0.00153
Exploits 0 · References 18
Debian CVE
added 2024/03/19 3:12 p.m. · 30 views

CVE-2024-0450

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

CVSS 6.2 · AI score 7 · EPSS 0.00153
Exploits 0
Vulnrichment
added 2024/03/19 3:12 p.m. · 30 views

CVE-2024-0450 Quoted zip-bomb protection for zipfile

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

CVSS 6.2 · AI score 6.8 · EPSS 0.00153
Exploits 0 · References 15
AlpineLinux
added 2024/03/19 3:12 p.m. · 30 views

CVE-2024-0450

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

CVSS 6.2 · AI score 7.2 · EPSS 0.00153
Exploits 0
Cvelist
added 2024/03/19 3:12 p.m. · 17 views

CVE-2024-0450 Quoted zip-bomb protection for zipfile

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

CVSS 6.2 · AI score 6.7 · EPSS 0.00153
Exploits 0 · References 15
OSV
added 2024/03/19 3:12 p.m. · 18 views

PSF-2024-2

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

CVSS 6.2 · AI score 7 · EPSS 0.00153
Exploits 0 · References 15
CNNVD
added 2024/03/19 12:0 a.m. · 2 views

Python Security Vulnerabilities

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and earlier versions, which...

CVSS 6.2 · AI score 6.8 · EPSS 0.00153
Exploits 0 · References 23
Positive Technologies
added 2023/09/25 12:0 a.m. · 2 views

PT-2023-9227 · Python +12 · Cpython +12

Name of the Vulnerable Software and Affected Versions: CPython versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior
Description: The CPython zipfile module is vulnerable to “quoted-overlap” zip-bombs, which exploit the zip format to create a zip-bomb with a high compression ratio. This...

CVSS 9.8 · AI score 6.3 · EPSS 0.0991
Exploits 34 · References 416
OSV
added 2023/07/03 2:2 p.m. · 9 views

OSV-2023-542 Security exception in net.jsign.appx.Zip64EndOfCentralDirectoryRecord.read

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60308
Crash type: Security exception
Crash state: net.jsign.appx.Zip64EndOfCentralDirectoryRecord.read net.jsign.appx.CentralDirectory.read net.jsign.appx.ZipFile...

AI score 7.1
Exploits 0 · References 1
Positive Technologies
added 2023/07/03 12:0 a.m. · 1 view

PT-2023-35895 · Unknown · Net.Jsign.Appx

Name of the Vulnerable Software and Affected Versions: net.jsign.appx affected versions not specified
Description: A security exception occurs due to a crash in the net.jsign.appx module. The crash happens when reading the Zip64EndOfCentralDirectoryRecord and CentralDirectory in the ZipFile class...

AI score 7
Exploits 0 · References 2
SUSE CVE
added 2023/02/15 5:13 a.m. · 1 view

SUSE CVE-2015-7804

Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive...

CVSS 6.8 · AI score 6.9 · EPSS 0.18271
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 4:14 a.m. · 1 view

SUSE CVE-2019-9674

Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb...

CVSS 6.5 · AI score 8.3 · EPSS 0.01416
Exploits 0 · References 24
SUSE CVE
added 2023/02/15 4:1 a.m. · 1 view

SUSE CVE-2020-7068

In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure...

CVSS 4 · AI score 7.9 · EPSS 0.00754
Exploits 1 · References 15
NVD
added 2022/12/16 11:15 p.m. · 11 views

CVE-2022-23530

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpack_archive from a potentially malicious tarball without validating that the destinati...

CVSS 6.5 · EPSS 0.00809
Exploits 1 · References 3