BDU:2024-04927
BDU
Medium

CVSS
6.2
Medium
EPSS
0.00
p0
Published
2024-01-01
Updated
2024-01-01
Description

A vulnerability in the zipfile module of the Python programming language interpreter (CPython) is caused by uncontrolled resource consumption. Exploitation of the vulnerability may allow an attacker to cause a denial of service.

Affected products
Python software foundation Cpython
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Timeline
2024-01-01
Published
2024-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: L
Local (L)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: N
None (N)
Integrity Impact
I: N
None (N)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.000 · p0
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected software
Product | Vendor | Status
cpython | python software foundation | Tracked
Source databases
BDU
Related vulnerabilities
External references
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0450
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/
https://www.bamsoftware.com/hacks/zipbomb/
https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/
https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html
https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html
https://github.com/python/cpython/issues/109858
https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b
https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183
https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549
https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51
https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675
https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba
https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85
http://www.openwall.com/lists/oss-security/2024/03/20/5
https://www.cybersecurity-help.cz/vdb/SB2024062848
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.11/
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47
https://altsp.su/obnovleniya-bezopasnosti/
https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0114SE18MD
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.13/