{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-6232", "ASSIGNER": "cna@python.org", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "There is a MEDIUM severity vulnerability affecting CPython.\n\n\n\n\n\nRegular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-1333 Inefficient Regular Expression Complexity", "cweId": "CWE-1333" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Python Software Foundation", "product": { "product_data": [ { "product_name": "CPython", "version": { "version_data": [ { "version_affected": "<", "version_name": "0", "version_value": "3.8.20" }, { "version_affected": "<", "version_name": "3.9.0", "version_value": "3.9.20" }, { "version_affected": "<", "version_name": "3.10.0", "version_value": "3.10.15" }, { "version_affected": "<", "version_name": "3.11.0", "version_value": "3.11.10" }, { "version_affected": "<", "version_name": "3.12.0", "version_value": "3.12.6" }, { "version_affected": "<", "version_name": "3.13.0a1", "version_value": "3.13.0rc2" } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://github.com/python/cpython/pull/121286", "refsource": "MISC", "name": "https://github.com/python/cpython/pull/121286" }, { "url": "https://github.com/python/cpython/issues/121285", "refsource": "MISC", "name": "https://github.com/python/cpython/issues/121285" }, { "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/", "refsource": "MISC", "name": "https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/" }, { "url": "https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06", "refsource": "MISC", "name": "https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06" }, { "url": "https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4", "refsource": "MISC", "name": "https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4" }, { "url": "https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf", "refsource": "MISC", "name": "https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf" }, { "url": "https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373", "refsource": "MISC", "name": "https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373" }, { "url": "https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d", "refsource": "MISC", "name": "https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d" }, { "url": "https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877", "refsource": "MISC", "name": "https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877" }, { "url": "https://github.com/python/cpython/commit/34ddb64d088dd7ccc321f6103d23153256caa5d4", "refsource": "MISC", "name": "https://github.com/python/cpython/commit/34ddb64d088dd7ccc321f6103d23153256caa5d4" } ] }, "generator": { "engine": "Vulnogram 0.2.0" }, "source": { "discovery": "UNKNOWN" }, "credits": [ { "lang": "en", "value": "Elias Joakim Myllym\u00e4ki" }, { "lang": "en", "value": "Seth Larson" }, { "lang": "en", "value": "Seth Larson" }, { "lang": "en", "value": "Gregory P. Smith" } ] }