Mailman 3 [CVE-2024-6232] Regular-expression DoS when parsing TarFile headers - Security-announce - python.org

newer
[CVE-2024-9287] Virtual...

[CVE-2024-6232] Regular-expression DoS when parsing TarFile headers

older
[CVE-2024-8088] Infinite loop when...

Seth Larson

Sept. 3, 2024

5:30 a.m.

There is a MEDIUM severity vulnerability affecting CPython.

Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.

Please see the linked CVE ID for the latest information on affected versions:

Attachments:

attachment.html (text/html — 606 bytes)

Reply

Sign in to reply online Use email software

Show replies by date

233

Age (days ago)

233

Last active (days ago)

Download

0 comments

1 participants

tags

participants (1)

Seth Larson