CVE-2024-6232

HIGH

CPython - ReDoS

Title source: llm

Description

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.

Exploits (1)

github WORKING POC

by bgutowski · pythonpoc

https://github.com/bgutowski/CVE-2025-4517-POC-Sudoers

View Code ZIP pw:eip

References (13)

[Patch] https://github.com/python/cpython/commit/34ddb64d088dd7ccc321f6103d23153256caa5d4

[Patch] https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06

[Patch] https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4

[Patch] https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d

[Patch] https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877

[Patch] https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf

View Patch ZIP pw:eip

[Patch] https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373

[Exploit, Issue Tracking, Patch] https://github.com/python/cpython/issues/121285

[Issue Tracking, Patch] https://github.com/python/cpython/pull/121286

[Vendor Advisory] https://mail.python.org/archives/list/[email protected]/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2024/09/03/5

[Mailing List] https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20241018-0007/

Scores

CVSS v3 7.5

EPSS 0.0318

EPSS Percentile 86.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-1333

Status published

Affected Products (13)

python/python < 3.8.20

python/python

Timeline

Published Sep 03, 2024

Tracked Since Feb 18, 2026