Undergoing Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
CVE has been recently published to the CVE List and has been received by the NVD.
Products
CPython
Source
cna@python.org
Tags
CVE-2024-6232 details
Published : Sept. 3, 2024, 1:15 p.m.
Last Modified : Sept. 3, 2024, 3:15 p.m.
Last Modified : Sept. 3, 2024, 3:15 p.m.
Description
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-1333 | Inefficient Regular Expression Complexity | The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles. |
References
This website uses the NVD API, but is not approved or certified by it.