vulnerability

Red Hat: CVE-2024-0450: python: The zipfile module is vulnerable to zip-bombs leading to denial of service (Multiple Advisories)

Try Surface Command
Back to search
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:N/I:N/A:C)
Published
03/19/2024
Added
05/24/2024
Modified
03/19/2025

Description

An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.

The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.

Solution(s)

redhat-upgrade-cython-debugsourceredhat-upgrade-numpy-debugsourceredhat-upgrade-platform-pythonredhat-upgrade-platform-python-debugredhat-upgrade-platform-python-develredhat-upgrade-python-cffi-debugsourceredhat-upgrade-python-cryptography-debugsourceredhat-upgrade-python-lxml-debugsourceredhat-upgrade-python-psutil-debugsourceredhat-upgrade-python-psycopg2-debugsourceredhat-upgrade-python-unversioned-commandredhat-upgrade-python3redhat-upgrade-python3-11redhat-upgrade-python3-11-debugredhat-upgrade-python3-11-debuginforedhat-upgrade-python3-11-debugsourceredhat-upgrade-python3-11-develredhat-upgrade-python3-11-idleredhat-upgrade-python3-11-libsredhat-upgrade-python3-11-rpm-macrosredhat-upgrade-python3-11-testredhat-upgrade-python3-11-tkinterredhat-upgrade-python3-12redhat-upgrade-python3-12-debugredhat-upgrade-python3-12-debuginforedhat-upgrade-python3-12-debugsourceredhat-upgrade-python3-12-develredhat-upgrade-python3-12-idleredhat-upgrade-python3-12-libsredhat-upgrade-python3-12-rpm-macrosredhat-upgrade-python3-12-testredhat-upgrade-python3-12-tkinterredhat-upgrade-python3-9-debuginforedhat-upgrade-python3-9-debugsourceredhat-upgrade-python3-debugredhat-upgrade-python3-debuginforedhat-upgrade-python3-debugsourceredhat-upgrade-python3-develredhat-upgrade-python3-idleredhat-upgrade-python3-libsredhat-upgrade-python3-testredhat-upgrade-python3-tkinterredhat-upgrade-python39redhat-upgrade-python39-attrsredhat-upgrade-python39-cffiredhat-upgrade-python39-cffi-debuginforedhat-upgrade-python39-chardetredhat-upgrade-python39-cryptographyredhat-upgrade-python39-cryptography-debuginforedhat-upgrade-python39-cythonredhat-upgrade-python39-cython-debuginforedhat-upgrade-python39-debugredhat-upgrade-python39-debuginforedhat-upgrade-python39-debugsourceredhat-upgrade-python39-develredhat-upgrade-python39-idleredhat-upgrade-python39-idnaredhat-upgrade-python39-iniconfigredhat-upgrade-python39-libsredhat-upgrade-python39-lxmlredhat-upgrade-python39-lxml-debuginforedhat-upgrade-python39-mod_wsgiredhat-upgrade-python39-more-itertoolsredhat-upgrade-python39-numpyredhat-upgrade-python39-numpy-debuginforedhat-upgrade-python39-numpy-docredhat-upgrade-python39-numpy-f2pyredhat-upgrade-python39-packagingredhat-upgrade-python39-pipredhat-upgrade-python39-pip-wheelredhat-upgrade-python39-pluggyredhat-upgrade-python39-plyredhat-upgrade-python39-psutilredhat-upgrade-python39-psutil-debuginforedhat-upgrade-python39-psycopg2redhat-upgrade-python39-psycopg2-debuginforedhat-upgrade-python39-psycopg2-docredhat-upgrade-python39-psycopg2-testsredhat-upgrade-python39-pyredhat-upgrade-python39-pybind11redhat-upgrade-python39-pybind11-develredhat-upgrade-python39-pycparserredhat-upgrade-python39-pymysqlredhat-upgrade-python39-pyparsingredhat-upgrade-python39-pysocksredhat-upgrade-python39-pytestredhat-upgrade-python39-pyyamlredhat-upgrade-python39-pyyaml-debuginforedhat-upgrade-python39-requestsredhat-upgrade-python39-rpm-macrosredhat-upgrade-python39-scipyredhat-upgrade-python39-scipy-debuginforedhat-upgrade-python39-setuptoolsredhat-upgrade-python39-setuptools-wheelredhat-upgrade-python39-sixredhat-upgrade-python39-testredhat-upgrade-python39-tkinterredhat-upgrade-python39-tomlredhat-upgrade-python39-urllib3redhat-upgrade-python39-wcwidthredhat-upgrade-python39-wheelredhat-upgrade-python39-wheel-wheelredhat-upgrade-pyyaml-debugsourceredhat-upgrade-scipy-debugsource

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today