CVE-2024-6232: Regular-expression DoS when parsing TarFile headers
First published: Tue Sep 03 2024(Updated: )
Last updated 19 September 2024
Credit: cna@python.org cna@python.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Python Python | <=3.12.5 | |
| Python Python | =3.13.0-alpha0 | |
| Python Python | =3.13.0-alpha1 | |
| Python Python | =3.13.0-alpha2 | |
| Python Python | =3.13.0-alpha3 | |
| Python Python | =3.13.0-alpha4 | |
| Python Python | =3.13.0-alpha5 | |
| Python Python | =3.13.0-alpha6 | |
| Python Python | =3.13.0-beta1 | |
| Python Python | =3.13.0-beta2 | |
| Python Python | =3.13.0-beta3 | |
| Python Python | =3.13.0-beta4 | |
| Python Python | =3.13.0-rc1 | |
| F5 BIG-IP Next Central Manager | >=20.2.0<=20.2.1 | 20.3.0 |
| F5 BIG-IP Next SPK | >=1.7.0<=1.9.2 | |
| F5 BIG-IP Next CNF | >=1.1.0<=1.3.1 | |
| F5 BIG-IP | >=17.1.0<=17.1.1 | |
| F5 BIG-IP | >=16.1.0<=16.1.5 | |
| F5 BIG-IP | >=15.1.0<=15.1.10 | |
| F5 BIG-IQ Centralized Management | >=8.2.0<=8.3.0 | |
| F5 F5OS-A | >=1.7.0<=1.8.0>=1.5.1<=1.5.2 | |
| F5 F5OS-C | >=1.6.0<=1.6.2 | |
| debian/python2.7 | <=2.7.18-8+deb11u1 | |
| debian/python3.11 | <=3.11.2-6+deb12u3 | 3.11.2-6+deb12u4 |
| debian/python3.12 | 3.12.7-3 | |
| debian/python3.13 | 3.13.0-2 | |
| debian/python3.9 | <=3.9.2-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06
- https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4
- https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d
- https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877
- https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf
- https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373
- https://github.com/python/cpython/issues/121285
- https://github.com/python/cpython/pull/121286
- https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6232
- https://nvd.nist.gov/vuln/detail/CVE-2024-6232
- https://launchpad.net/bugs/cve/CVE-2024-6232
- https://security-tracker.debian.org/tracker/CVE-2024-6232
- https://ubuntu.com/security/CVE-2024-6232
- https://my.f5.com/manage/s/article/K000148252
- https://access.redhat.com/errata/RHSA-2024:6909
- https://access.redhat.com/errata/RHSA-2024:6975
- https://access.redhat.com/errata/RHSA-2024:7415
- https://access.redhat.com/errata/RHSA-2024:7647
- https://access.redhat.com/errata/RHSA-2024:8130
- https://access.redhat.com/errata/RHSA-2024:8359
- https://access.redhat.com/errata/RHSA-2024:8374
- https://access.redhat.com/errata/RHSA-2024:8447
- https://access.redhat.com/errata/RHSA-2024:8446
- https://access.redhat.com/errata/RHSA-2024:8490
- https://access.redhat.com/errata/RHSA-2024:8504
- https://access.redhat.com/errata/RHSA-2024:8797
- https://access.redhat.com/errata/RHSA-2024:8838
- https://access.redhat.com/errata/RHSA-2024:8836
- https://access.redhat.com/errata/RHSA-2024:8977
- https://access.redhat.com/errata/RHSA-2024:9450
- https://access.redhat.com/errata/RHSA-2024:9451
- https://access.redhat.com/errata/RHSA-2024:9468
- https://bugzilla.redhat.com/show_bug.cgi?id=2309426
- agent/weakness
- agent/title
- agent/type
- agent/first-publish-date
- collector/oss-sec
- source/oss-sec
- alias/CVE-2024-6232
- agent/remedy
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- collector/nvd-cve
- collector/usn-cve
- source/Ubuntu
- collector/mitre-cve
- source/MITRE
- collector/f5-advisory
- source/F5
- agent/severity
- agent/description
- agent/event
- agent/last-modified-date
- agent/references
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/redhat-bugzilla
- source/Red Hat
- vendor/python
- canonical/python python
- version/python python/3.12.5
- version/python python/3.13.0-alpha0
- version/python python/3.13.0-alpha1
- version/python python/3.13.0-alpha2
- version/python python/3.13.0-alpha3
- version/python python/3.13.0-alpha4
- version/python python/3.13.0-alpha5
- version/python python/3.13.0-alpha6
- version/python python/3.13.0-beta1
- version/python python/3.13.0-beta2
- version/python python/3.13.0-beta3
- version/python python/3.13.0-beta4
- version/python python/3.13.0-rc1
- vendor/f5
- canonical/f5 big-ip next central manager
- version/f5 big-ip next central manager/20.2.0
- version/f5 big-ip next central manager/20.2.1
- canonical/f5 big-ip next spk
- version/f5 big-ip next spk/1.7.0
- version/f5 big-ip next spk/1.9.2
- canonical/f5 big-ip next cnf
- version/f5 big-ip next cnf/1.1.0
- version/f5 big-ip next cnf/1.3.1
- canonical/f5 big-ip
- version/f5 big-ip/17.1.0
- version/f5 big-ip/17.1.1
- version/f5 big-ip/16.1.0
- version/f5 big-ip/16.1.5
- version/f5 big-ip/15.1.0
- version/f5 big-ip/15.1.10
- canonical/f5 big-iq centralized management
- version/f5 big-iq centralized management/8.2.0
- version/f5 big-iq centralized management/8.3.0
- canonical/f5 f5os-a
- version/f5 f5os-a/1.7.0
- version/f5 f5os-a/1.8.0
- version/f5 f5os-a/1.5.1
- version/f5 f5os-a/1.5.2
- canonical/f5 f5os-c
- version/f5 f5os-c/1.6.0
- version/f5 f5os-c/1.6.2
- package-manager/debian