CVE-2024-6232

There is a MEDIUM severity vulnerability affecting CPython.

Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| PSF | CNA | --- | --- | --- | --- | --- |
| CISA-ADP | ADP | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| CVE | ADP | --- | --- | --- | --- | --- |
EPSS Score Percentile: 80%
| Vendor | Product | Version |
|---|---|---|
| python | python | x < 3.8.20 |
| python | python | 3.9.0 ≤ x < 3.9.20 |
| python | python | 3.10.0 ≤ x < 3.10.15 |
| python | python | 3.11.0 ≤ x < 3.11.10 |
| python | python | 3.12.0 ≤ x < 3.12.6 |
| python | python | 3.13.0:alpha0 |
| python | python | 3.13.0:alpha1 |
| python | python | 3.13.0:alpha2 |
| python | python | 3.13.0:alpha3 |
| python | python | 3.13.0:alpha4 |
| python | python | 3.13.0:alpha5 |
| python | python | 3.13.0:alpha6 |
| python | python | 3.13.0:beta1 |
| python | python | 3.13.0:beta2 |
| python | python | 3.13.0:beta3 |
| python | python | 3.13.0:beta4 |
| python | python | 3.13.0:rc1 |

x = Vulnerable software versions
Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| pypy3 | bullseye | | postponed |
| pypy3 | bookworm | | no-dsa |
| pypy3 | bullseye (security) | | vulnerable |
| pypy3 | trixie | 7.3.19+dfsg-2 | fixed |
| pypy3 | forky | 7.3.20+dfsg-2 | fixed |
| pypy3 | sid | 7.3.20+dfsg-2 | fixed |
| python2.7 | bullseye | | vulnerable |
| python2.7 | bookworm | | no-dsa |
| python3.11 | bookworm | 3.11.2-6+deb12u6 | no-dsa |
| python3.11 | bullseye | | postponed |
| python3.11 | bookworm (security) | | vulnerable |
| python3.13 | trixie | 3.13.5-2 | fixed |
| python3.13 | bullseye | | postponed |
| python3.13 | bookworm | | no-dsa |
| python3.13 | forky | 3.13.7-1 | fixed |
| python3.13 | sid | 3.13.7-1 | fixed |
| python3.9 | bullseye | | postponed |
| python3.9 | bookworm | | no-dsa |
| python3.9 | bullseye (security) | 3.9.2-1+deb11u3 | fixed |
Ubuntu Releases

| Ubuntu Product | Codename | Fixed Version | Status |
|---|---|---|---|
| python2.7 | plucky | | dne |
| python2.7 | oracular | | dne |
| python2.7 | noble | | dne |
| python2.7 | jammy | 2.7.18-13ubuntu1.3 | released |
| python2.7 | focal | 2.7.18-1~20.04.5 | released |
| python2.7 | bionic | | not-affected |
| python2.7 | xenial | 2.7.12-1ubuntu0~16.04.18+esm12 | released |
| python2.7 | trusty | 2.7.6-8ubuntu0.6+esm21 | released |
| python3.4 | plucky | | dne |
| python3.4 | oracular | | dne |
| python3.4 | noble | | dne |
| python3.4 | jammy | | dne |
| python3.4 | focal | | dne |
| python3.4 | bionic | | dne |
| python3.4 | xenial | | dne |
| python3.4 | trusty | 3.4.3-1ubuntu1~14.04.7+esm14 | released |
| python3.5 | plucky | | dne |
| python3.5 | oracular | | dne |
| python3.5 | noble | | dne |
| python3.5 | jammy | | dne |
| python3.5 | focal | | dne |
| python3.5 | bionic | | dne |
| python3.5 | xenial | 3.5.2-2ubuntu0~16.04.13+esm14 | released |
| python3.5 | trusty | 3.5.2-2ubuntu0~16.04.4~14.04.1+esm3 | released |
| python3.6 | plucky | | dne |
| python3.6 | oracular | | dne |
| python3.6 | noble | | dne |
| python3.6 | jammy | | dne |
| python3.6 | focal | | dne |
| python3.6 | bionic | 3.6.9-1~18.04ubuntu1.13+esm3 | released |
| python3.6 | xenial | | dne |
| python3.6 | trusty | | dne |
| python3.7 | plucky | | dne |
| python3.7 | oracular | | dne |
| python3.7 | noble | | dne |
| python3.7 | jammy | | dne |
| python3.7 | focal | | dne |
| python3.7 | bionic | 3.7.5-2ubuntu1~18.04.2+esm4 | released |
| python3.7 | xenial | | dne |
| python3.7 | trusty | | dne |
| python3.8 | plucky | | dne |
| python3.8 | oracular | | dne |
| python3.8 | noble | | dne |
| python3.8 | jammy | | dne |
| python3.8 | focal | 3.8.10-0ubuntu1~20.04.12 | released |
| python3.8 | bionic | 3.8.0-3ubuntu1~18.04.2+esm3 | released |
| python3.8 | xenial | | dne |
| python3.8 | trusty | | dne |
| python3.9 | plucky | | dne |
| python3.9 | oracular | | dne |
| python3.9 | noble | | dne |
| python3.9 | jammy | | dne |
| python3.9 | focal | 3.9.5-3ubuntu0~20.04.1+esm3 | released |
| python3.9 | bionic | | dne |
| python3.9 | xenial | | dne |
| python3.9 | trusty | | dne |
| python3.10 | plucky | | dne |
| python3.10 | oracular | | dne |
| python3.10 | noble | | dne |
| python3.10 | jammy | 3.10.12-1~22.04.6 | released |
| python3.10 | focal | | dne |
| python3.10 | bionic | | dne |
| python3.10 | xenial | | dne |
| python3.10 | trusty | | dne |
| python3.11 | plucky | | dne |
| python3.11 | oracular | | dne |
| python3.11 | noble | | dne |
| python3.11 | jammy | 3.11.0~rc1-1~22.04.1~esm2 | released |
| python3.11 | focal | | dne |
| python3.11 | bionic | | dne |
| python3.11 | xenial | | dne |
| python3.11 | trusty | | dne |
| python3.12 | plucky | | dne |
| python3.12 | oracular | | not-affected |
| python3.12 | noble | 3.12.3-1ubuntu0.2 | released |
| python3.12 | jammy | | dne |
| python3.12 | focal | | dne |
| python3.12 | bionic | | dne |
| python3.12 | xenial | | dne |
| python3.12 | trusty | | dne |
| python3.13 | plucky | | not-affected |
| python3.13 | oracular | | not-affected |
| python3.13 | noble | | dne |
| python3.13 | jammy | | dne |
| python3.13 | focal | | dne |
| python3.13 | bionic | | dne |
| python3.13 | xenial | | dne |
| python3.13 | trusty | | dne |