vulnerability
Oracle Linux: CVE-2024-8088: ELSA-2024-5962: python39:3.9 and python39-devel:3.9 security update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:H/Au:N/C:N/I:N/A:C) | Aug 22, 2024 | Oct 16, 2024 | May 14, 2025 |
Severity
5
CVSS
(AV:N/AC:H/Au:N/C:N/I:N/A:C)
Published
Aug 22, 2024
Added
Oct 16, 2024
Modified
May 14, 2025
Description
There is a HIGH severity vulnerability affecting the CPython "zipfile"
module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected.
When iterating over names of entries in a zip archive (for example, methods
of "zipfile.Path" like "namelist()", "iterdir()", etc)
the process can be put into an infinite loop with a maliciously crafted
zip archive. This defect applies when reading only metadata or extracting
the contents of the zip archive. Programs that are not handling
user-controlled zip archives are not affected.
A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.
module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected.
When iterating over names of entries in a zip archive (for example, methods
of "zipfile.Path" like "namelist()", "iterdir()", etc)
the process can be put into an infinite loop with a maliciously crafted
zip archive. This defect applies when reading only metadata or extracting
the contents of the zip archive. Programs that are not handling
user-controlled zip archives are not affected.
A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.
Solution(s)
oracle-linux-upgrade-python3oracle-linux-upgrade-python3-11oracle-linux-upgrade-python3-11-debugoracle-linux-upgrade-python3-11-develoracle-linux-upgrade-python3-11-idleoracle-linux-upgrade-python3-11-libsoracle-linux-upgrade-python3-11-rpm-macrosoracle-linux-upgrade-python3-11-testoracle-linux-upgrade-python3-11-tkinteroracle-linux-upgrade-python3-12oracle-linux-upgrade-python3-12-debugoracle-linux-upgrade-python3-12-develoracle-linux-upgrade-python3-12-idleoracle-linux-upgrade-python3-12-libsoracle-linux-upgrade-python3-12-rpm-macrosoracle-linux-upgrade-python3-12-testoracle-linux-upgrade-python3-12-tkinteroracle-linux-upgrade-python39oracle-linux-upgrade-python39-cffioracle-linux-upgrade-python39-chardetoracle-linux-upgrade-python39-cryptographyoracle-linux-upgrade-python39-debugoracle-linux-upgrade-python39-develoracle-linux-upgrade-python39-idleoracle-linux-upgrade-python39-idnaoracle-linux-upgrade-python39-libsoracle-linux-upgrade-python39-lxmloracle-linux-upgrade-python39-mod-wsgioracle-linux-upgrade-python39-numpyoracle-linux-upgrade-python39-numpy-docoracle-linux-upgrade-python39-numpy-f2pyoracle-linux-upgrade-python39-piporacle-linux-upgrade-python39-pip-wheeloracle-linux-upgrade-python39-plyoracle-linux-upgrade-python39-psutiloracle-linux-upgrade-python39-psycopg2oracle-linux-upgrade-python39-psycopg2-docoracle-linux-upgrade-python39-psycopg2-testsoracle-linux-upgrade-python39-pycparseroracle-linux-upgrade-python39-pymysqloracle-linux-upgrade-python39-pysocksoracle-linux-upgrade-python39-pyyamloracle-linux-upgrade-python39-requestsoracle-linux-upgrade-python39-rpm-macrosoracle-linux-upgrade-python39-scipyoracle-linux-upgrade-python39-setuptoolsoracle-linux-upgrade-python39-setuptools-wheeloracle-linux-upgrade-python39-sixoracle-linux-upgrade-python39-testoracle-linux-upgrade-python39-tkinteroracle-linux-upgrade-python39-tomloracle-linux-upgrade-python39-urllib3oracle-linux-upgrade-python39-wheeloracle-linux-upgrade-python39-wheel-wheeloracle-linux-upgrade-python3-debugoracle-linux-upgrade-python3-develoracle-linux-upgrade-python3-idleoracle-linux-upgrade-python3-libsoracle-linux-upgrade-python3-testoracle-linux-upgrade-python3-tkinteroracle-linux-upgrade-python-unversioned-command
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.