CVE-2024-6232

High

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during…

PSF·CWE-1333·Published 2024-09-03

CVSS

7.5

EPSS

0.02

KEV

Exploits

Vendor statements (1)

mail.python.org

cve.orgen

221 chars

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.

NVDes

254 chars

Existe una vulnerabilidad de gravedad MEDIA que afecta a CPython. Las expresiones regulares que permitían un retroceso excesivo durante el análisis de cabeceras tarfile.TarFile son vulnerables a ReDoS a través de archivos tar manipulados específicamente.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	7.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1	Primary	cve.org	7.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1	Secondary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H