CVE-2024-6232

HIGH

CPython < 3.8.20 - Denial of Service via TarFile Header Parsing ReDoS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-6232. PoCs published by bgutowski.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2024-6232, leveraging a Python Tarfile realpath overflow to achieve local privilege escalation by adding a user to the sudoers file. The exploit crafts a malicious tar file that bypasses security filters and writes to /etc/sudoers.d/.

Description

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.

Exploits (1)

github WORKING POC

by bgutowski · pythonpoc

https://github.com/bgutowski/CVE-2025-4517-POC-Sudoers

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2024-6232, leveraging a Python Tarfile realpath overflow to achieve local privilege escalation by adding a user to the sudoers file. The exploit crafts a malicious tar file that bypasses security filters and writes to /etc/sudoers.d/.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Python tarfile module (versions affected by CVE-2024-6232)

No auth needed

Prerequisites: Local access to the target system · Ability to execute Python scripts · Write permissions to a directory where the tar file can be created

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.003 - Sudo and Sudo Caching

devstral-2 · analyzed Feb 19, 2026 Full analysis →