REDHAT-BUG-2309426
First published: Tue Sep 03 2024(Updated: )
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CPython |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHSA-2024:6909
- https://access.redhat.com/errata/RHSA-2024:6975
- https://access.redhat.com/errata/RHSA-2024:7415
- https://access.redhat.com/errata/RHSA-2024:7647
- https://access.redhat.com/errata/RHSA-2024:8130
- https://access.redhat.com/errata/RHSA-2024:8359
- https://access.redhat.com/errata/RHSA-2024:8374
- https://access.redhat.com/errata/RHSA-2024:8447
- https://access.redhat.com/errata/RHSA-2024:8446
- https://access.redhat.com/errata/RHSA-2024:8490
- https://access.redhat.com/errata/RHSA-2024:8504
- https://access.redhat.com/errata/RHSA-2024:8797
- https://access.redhat.com/errata/RHSA-2024:8838
- https://access.redhat.com/errata/RHSA-2024:8836
- https://access.redhat.com/errata/RHSA-2024:8977
- https://access.redhat.com/errata/RHSA-2024:9450
- https://access.redhat.com/errata/RHSA-2024:9451
- https://access.redhat.com/errata/RHSA-2024:9468
- https://bugzilla.redhat.com/show_bug.cgi?id=2309426
Frequently Asked Questions
What is the severity of REDHAT-BUG-2309426?
The severity of REDHAT-BUG-2309426 is classified as MEDIUM.
How does REDHAT-BUG-2309426 affect CPython?
REDHAT-BUG-2309426 affects CPython by allowing ReDoS attacks through excessive backtracking in regular expressions during tarfile header parsing.
What is a ReDoS attack in the context of REDHAT-BUG-2309426?
A ReDoS attack, in the context of REDHAT-BUG-2309426, involves exploiting the excessive backtracking of regular expressions to degrade the performance of the application.
How can I mitigate the risks associated with REDHAT-BUG-2309426?
To mitigate the risks associated with REDHAT-BUG-2309426, ensure that you are using the latest security patches and validate tar archives before processing.
Is there a specific version of CPython affected by REDHAT-BUG-2309426?
While specific versions are not mentioned, CPython versions susceptible to excessive backtracking in tarfile processing are affected by REDHAT-BUG-2309426.
- agent/severity
- agent/type
- agent/first-publish-date
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-6232
- agent/references
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/python software foundation
- canonical/cpython