CVE-2024-6232

Advisory lineage Upstream: 0 Downstream: 49

Downstream

ALPINE-CVE-2024-6232 DEBIAN-CVE-2024-6232 DLA-3980-1 DLA-4354-1 MGASA-2024-0317 OPENSUSE-SU-2024:14326-1

Modified

Published: 03 Sept 2024, 12:29

Last modified:03 Nov 2025, 22:32

Vulnerability Summary

Overall Risk (default)

medium

41/100

CVSS Score

7.5 HIGH

v3.1 (cve.org)

EPSS Score

3.01% LOW

3% probability -0.16%

KEV

Not listed

Ransomware

No reports

Public exploits

1 found

Dark Web

Not detected

Timeline

03 Sept 2024, 12:29

Published

Vulnerability first disclosed

03 Nov 2025, 22:32

Last Modified

Vulnerability information updated

Description

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.

CVSS Metrics

v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 3.01%• Percentile: 87%

Techniques & Countermeasures

CWE-1333•Inefficient Regular Expression Complexity
The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.

Affected Systems

python software foundation•cpython
< 3.8.20 | ≥ 3.9.0, < 3.9.20 | ≥ 3.10.0, < 3.10.15 | ≥ 3.11.0, < 3.11.10 | ≥ 3.12.0, < 3.12.6 | ≥ 3.13.0a1, < 3.13.0rc2
python•python
< 3.8.20 | ≥ 3.9.0, < 3.9.20 | ≥ 3.10.0, < 3.10.15 | ≥ 3.11.0, < 3.11.10 | ≥ 3.12.0, < 3.12.6 | 3.13.0:alpha0 | 3.13.0:alpha1 | 3.13.0:alpha2 | 3.13.0:alpha3 | 3.13.0:alpha4 | 3.13.0:alpha5 | 3.13.0:alpha6 | 3.13.0:beta1 | 3.13.0:beta2 | 3.13.0:beta3 | 3.13.0:beta4 | 3.13.0:rc1