CVE-2024-7592: Quadratic complexity parsing cookies with backslashes
First published: Mon Aug 19 2024(Updated: )
Last updated 19 September 2024
Credit: cna@python.org cna@python.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Python Python | <=3.12.5 | |
| Python Python | =3.13.0-alpha0 | |
| Python Python | =3.13.0-alpha1 | |
| Python Python | =3.13.0-alpha2 | |
| Python Python | =3.13.0-alpha3 | |
| Python Python | =3.13.0-alpha4 | |
| Python Python | =3.13.0-alpha5 | |
| Python Python | =3.13.0-alpha6 | |
| Python Python | =3.13.0-beta1 | |
| Python Python | =3.13.0-beta2 | |
| Python Python | =3.13.0-beta3 | |
| Python Python | =3.13.0-beta4 | |
| Python Python | =3.13.0-rc1 | |
| debian/python3.11 | <=3.11.2-6+deb12u4<=3.11.2-6+deb12u3 | |
| debian/python3.12 | 3.12.7-3 | |
| debian/python3.13 | 3.13.0-2 | |
| debian/python3.9 | <=3.9.2-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/python/cpython/commit/391e5626e3ee5af267b97e37abc7475732e67621
- https://github.com/python/cpython/commit/a77ab24427a18bff817025adb03ca920dc3f1a06
- https://github.com/python/cpython/commit/b2f11ca7667e4d57c71c1c88b255115f16042d9a
- https://github.com/python/cpython/commit/d4ac921a4b081f7f996a5d2b101684b67ba0ed7f
- https://github.com/python/cpython/commit/d662e2db2605515a767f88ad48096b8ac623c774
- https://github.com/python/cpython/commit/dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1
- https://github.com/python/cpython/issues/123067
- https://github.com/python/cpython/pull/123075
- https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7592
- https://nvd.nist.gov/vuln/detail/CVE-2024-7592
- https://launchpad.net/bugs/cve/CVE-2024-7592
- https://security-tracker.debian.org/tracker/CVE-2024-7592
- https://ubuntu.com/security/CVE-2024-7592
- agent/title
- agent/type
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/remedy
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- agent/author
- agent/references
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/nvd-cve
- vendor/python
- canonical/python python
- version/python python/3.12.5
- version/python python/3.13.0-alpha0
- version/python python/3.13.0-alpha1
- version/python python/3.13.0-alpha2
- version/python python/3.13.0-alpha3
- version/python python/3.13.0-alpha4
- version/python python/3.13.0-alpha5
- version/python python/3.13.0-alpha6
- version/python python/3.13.0-beta1
- version/python python/3.13.0-beta2
- version/python python/3.13.0-beta3
- version/python python/3.13.0-beta4
- version/python python/3.13.0-rc1
- package-manager/debian