Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-0450

Published: 19/03/2024 Updated: 03/04/2024

Vulnerability Summary

An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.

Vendor Advisories

Amazon Linux 2: ALAS-2024-2515
An issue was found in the CPython `zipfile` module affecting versions 3122, 3118, 31013, 3918, and 3818 and prior The zipfile module is vulnerable to "quoted-overlap" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio The fixed versions of CPython makes the zipfile module reject zip archives which ...

Mailing Lists

Full Disclosure: Security fixes in Python 3.10.14, 3.9.19, and 3.8.19 (CVE-2023-6597 & CVE-2024-0450)
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Security fixes in Python 31014, 3919, and 3819 (CVE-2023-6597 &amp; CVE-2024-0450) <!--X-Subject-Header-End--> <!--X-Hea ...

References

https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842ebahttps://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3bhttps://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183https://github.com/python/cpython/issues/109858https://www.bamsoftware.com/hacks/zipbomb/https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/https://lists.debian.org/debian-lts-announce/2024/03/msg00024.htmlhttps://lists.debian.org/debian-lts-announce/2024/03/msg00025.htmlhttps://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2024-2515.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook