high
7.5
CWE
1333
Advisory Published
Advisory Published
Updated

CVE-2024-6232: Regular-expression DoS when parsing TarFile headers

First published: Tue Sep 03 2024(Updated: )

Last updated 19 November 2024

Credit: cna@python.org cna@python.org

Affected SoftwareAffected VersionHow to fix
debian/python2.7<=2.7.18-8+deb11u1
debian/python3.11<=3.11.2-6+deb12u3
3.11.2-6+deb12u5
debian/python3.12
3.12.9-1
debian/python3.13
3.13.2-1
debian/python3.9<=3.9.2-1
3.9.2-1+deb11u2
Python Babel Localedata<3.8.20
Python Babel Localedata>=3.9.0<3.9.20
Python Babel Localedata>=3.10.0<3.10.15
Python Babel Localedata>=3.11.0<3.11.10
Python Babel Localedata>=3.12.0<3.12.6
Python Babel Localedata=3.13.0-alpha0
Python Babel Localedata=3.13.0-alpha1
Python Babel Localedata=3.13.0-alpha2
Python Babel Localedata=3.13.0-alpha3
Python Babel Localedata=3.13.0-alpha4
Python Babel Localedata=3.13.0-alpha5
Python Babel Localedata=3.13.0-alpha6
Python Babel Localedata=3.13.0-beta1
Python Babel Localedata=3.13.0-beta2
Python Babel Localedata=3.13.0-beta3
Python Babel Localedata=3.13.0-beta4
Python Babel Localedata=3.13.0-rc1
F5 BIG-IP Next Central Manager>=20.2.0<=20.2.1
20.3.0
F5 BIG-IP Next>=1.7.0<=1.9.2
F5 BIG-IP Next>=1.1.0<=1.3.1
F5 BIG-IP and BIG-IQ Centralized Management>=17.1.0<=17.1.1
F5 BIG-IP and BIG-IQ Centralized Management>=16.1.0<=16.1.5
F5 BIG-IP and BIG-IQ Centralized Management>=15.1.0<=15.1.10
F5 BIG-IP and BIG-IQ Centralized Management>=8.2.0<=8.3.0
F5 F5OS-A>=1.7.0<=1.8.0>=1.5.1<=1.5.2
F5 F5OS-C>=1.6.0<=1.6.2
IBM Rational Team Concert<=1.0.0, 1.0.1, 1.0.2, 1.0.2.1, 1.0.3

Remedy

https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06

Remedy

https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4

Remedy

https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf

Remedy

https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373

Remedy

https://github.com/python/cpython/issues/121285

Remedy

https://github.com/python/cpython/pull/121286

Remedy

https://github.com/python/cpython/commit/34ddb64d088dd7ccc321f6103d23153256caa5d4

Remedy

https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d

Remedy

https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is the severity of CVE-2024-6232?

    CVE-2024-6232 has a moderate severity rating due to its potential for causing a denial of service.

  • How do I fix CVE-2024-6232?

    To fix CVE-2024-6232, update affected Python versions to the latest patched releases listed in the vulnerability advisories.

  • Which software is affected by CVE-2024-6232?

    CVE-2024-6232 affects several versions of Python and products from IBM and F5 listed in the vulnerability description.

  • How does CVE-2024-6232 impact Python users?

    CVE-2024-6232 can lead to denial of service for applications that utilize vulnerable Python libraries to handle tar archives.

  • What type of attack does CVE-2024-6232 enable?

    CVE-2024-6232 enables a regular expression denial of service (ReDoS) attack through specially crafted tar files.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203