CVE-2024-6232

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.

Open

MEDIUM (4.3)

T
Tim Bastin detected CVE-2024-6232 with a risk of 3.45
main
T
Tim Bastin fixed CVE-2024-6232
main
T
Tim Bastin detected CVE-2024-6232 with a risk of 3.45
main
System updated the risk assessment to 1.72
main
System recalculated raw risk assessment
System updated the risk assessment to 3.45
main
System recalculated raw risk assessment
T
Tim Bastin detected CVE-2024-6232 with a risk of 3.45
0.8.2
T
Tim Bastin detected CVE-2024-6232 with a risk of 3.45
HEAD
System updated the risk assessment to 1.72
0.8.2
System recalculated raw risk assessment
System updated the risk assessment to 1.72
HEAD
System recalculated raw risk assessment
System updated the risk assessment to 1.72
main
System recalculated raw risk assessment
T
Tim Bastin detected CVE-2024-6232 with a risk of 3.45
update-risk-management-default-value
System updated the risk assessment to 1.72
update-risk-management-default-value
System recalculated raw risk assessment
T
Tim Bastin detected CVE-2024-6232 with a risk of 1.15
0.9.0
System updated the risk assessment from 1.72 to 0.86
main
System recalculated raw risk assessment
System updated the risk assessment from 1.15 to 0.86
0.9.0
System recalculated raw risk assessment
System updated the risk assessment from 0.86 to 1.72
main
System recalculated raw risk assessment
System updated the risk assessment from 1.72 to 3.45
0.8.2
System recalculated raw risk assessment
System updated the risk assessment from 0.86 to 1.72
0.9.0
System recalculated raw risk assessment
System updated the risk assessment from 1.72 to 3.45
HEAD
System recalculated raw risk assessment
System updated the risk assessment from 1.72 to 3.45
update-risk-management-default-value
System recalculated raw risk assessment
System updated the risk assessment from 1.72 to 3.45
main
System recalculated raw risk assessment
System updated the risk assessment from 3.45 to 1.72
main
System recalculated raw risk assessment
System
main
System fixed CVE-2024-6232
main
System
0.9.0
System detected CVE-2024-6232 with a risk of 1.72
main
System
0.9.0
System
main
System fixed CVE-2024-6232
main
System
0.9.0
System detected CVE-2024-6232 with a risk of 1.72
main
T
Tim Bastin detected CVE-2024-6232 with a risk of 1.72
add-first-party-scan-to-gitlap-pipeline
T
Tim Bastin detected CVE-2024-6232 with a risk of 1.72
add-jobs-tags
T
Tim Bastin detected CVE-2024-6232 with a risk of 1.72
0.11.1
T
Tim Bastin detected CVE-2024-6232 with a risk of 1.72
feautre/sarif-sbom-upload-components
System updated the risk assessment from 3.45 to 1.72
chore/adds-additional-env-flags
System recalculated raw risk assessment
System updated the risk assessment from 3.45 to 1.72
attest
System recalculated raw risk assessment
System updated the risk assessment from 3.45 to 1.72
revert-c7057e5e
System recalculated raw risk assessment
System updated the risk assessment from 3.45 to 1.72
revert-c7057e5e
System recalculated raw risk assessment
System updated the risk assessment from 3.45 to 1.72
revert-c7057e5e
System recalculated raw risk assessment
System updated the risk assessment from 3.45 to 1.72
0.12.0
System recalculated raw risk assessment
System
add/artifact-name-input
System
add/artifact-name-input
System
add/artifact-name-input
System
add/artifact-name-input
T
Tim Bastin fixed CVE-2024-6232
main
System updated the risk assessment from 1.72 to 3.45
main
System recalculated raw risk assessment
System updated the risk assessment from 3.45 to 1.72
add/artifact-name-input
System recalculated raw risk assessment
S
Sebastian Kawelke updated the risk assessment from 3.45 to 4.25
HEAD
Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high
S
Sebastian Kawelke updated the risk assessment from 1.72 to 2.12
feautre/sarif-sbom-upload-components
Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high
S
Sebastian Kawelke updated the risk assessment from 1.72 to 2.12
add-jobs-tags
Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high
S
Sebastian Kawelke updated the risk assessment from 1.72 to 2.12
chore/adds-additional-env-flags
Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high
S
Sebastian Kawelke updated the risk assessment from 1.72 to 2.12
attest
Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high
S
Sebastian Kawelke updated the risk assessment from 3.45 to 4.25
main
Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high
S
Sebastian Kawelke updated the risk assessment from 1.72 to 2.12
add/artifact-name-input
Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high
S
Sebastian Kawelke updated the risk assessment from 3.45 to 4.25
update-risk-management-default-value
Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high
S
Sebastian Kawelke updated the risk assessment from 1.72 to 2.12
0.11.1
Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high
S
Sebastian Kawelke updated the risk assessment from 1.72 to 2.12
add-first-party-scan-to-gitlap-pipeline
Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high
S
Sebastian Kawelke updated the risk assessment from 1.72 to 2.12
examples
Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high
S
Sebastian Kawelke updated the risk assessment from 1.72 to 2.12
fix-attest.yaml
Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high
S
Sebastian Kawelke updated the risk assessment from 1.72 to 2.12
0.9.0
Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high
S
Sebastian Kawelke updated the risk assessment from 1.72 to 2.12
0.12.0
Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high
S
Sebastian Kawelke updated the risk assessment from 1.72 to 2.12
revert-c7057e5e
Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high
S
Sebastian Kawelke updated the risk assessment from 3.45 to 4.25
0.8.2
Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high
System updated the risk assessment from 2.12 to 2.15
0.11.1
System recalculated raw risk assessment
System updated the risk assessment from 4.25 to 4.3
0.8.2
System recalculated raw risk assessment
System updated the risk assessment from 2.12 to 2.15
revert-c7057e5e
System recalculated raw risk assessment
System updated the risk assessment from 4.25 to 4.3
main
System recalculated raw risk assessment
System updated the risk assessment from 2.12 to 2.15
0.12.0
System recalculated raw risk assessment
System updated the risk assessment from 2.12 to 2.15
0.9.0
System recalculated raw risk assessment
System updated the risk assessment from 4.25 to 4.3
update-risk-management-default-value
System recalculated raw risk assessment
System updated the risk assessment from 2.12 to 2.15
chore/adds-additional-env-flags
System recalculated raw risk assessment
System updated the risk assessment from 2.12 to 2.15
add-first-party-scan-to-gitlap-pipeline
System recalculated raw risk assessment
System updated the risk assessment from 4.25 to 4.3
HEAD
System recalculated raw risk assessment
System updated the risk assessment from 2.12 to 2.15
add/artifact-name-input
System recalculated raw risk assessment
System updated the risk assessment from 2.12 to 2.15
add-jobs-tags
System recalculated raw risk assessment
System updated the risk assessment from 2.12 to 2.15
examples
System recalculated raw risk assessment
System updated the risk assessment from 2.12 to 2.15
attest
System recalculated raw risk assessment
System updated the risk assessment from 2.12 to 2.15
fix-attest.yaml
System recalculated raw risk assessment
System updated the risk assessment from 2.12 to 2.15
feautre/sarif-sbom-upload-components
System recalculated raw risk assessment
System updated the risk assessment from 2.15 to 4.3
add/artifact-name-input
System recalculated raw risk assessment
System updated the risk assessment from 2.15 to 4.3
0.11.1
System recalculated raw risk assessment
System updated the risk assessment from 2.15 to 4.3
0.9.0
System recalculated raw risk assessment
System updated the risk assessment from 4.3 to 2.15
update-risk-management-default-value
System recalculated raw risk assessment
System updated the risk assessment from 2.15 to 4.3
revert-c7057e5e
System recalculated raw risk assessment
System updated the risk assessment from 2.15 to 4.3
chore/adds-additional-env-flags
System recalculated raw risk assessment
System updated the risk assessment from 2.15 to 4.3
add-first-party-scan-to-gitlap-pipeline
System recalculated raw risk assessment
System updated the risk assessment from 4.3 to 2.15
HEAD
System recalculated raw risk assessment
System updated the risk assessment from 2.15 to 4.3
add-jobs-tags
System recalculated raw risk assessment
System updated the risk assessment from 2.15 to 4.3
0.12.0
System recalculated raw risk assessment
System updated the risk assessment from 4.3 to 2.15
0.8.2
System recalculated raw risk assessment
System updated the risk assessment from 2.15 to 4.3
examples
System recalculated raw risk assessment
System updated the risk assessment from 2.15 to 4.3
attest
System recalculated raw risk assessment
System updated the risk assessment from 2.15 to 4.3
fix-attest.yaml
System recalculated raw risk assessment
System updated the risk assessment from 2.15 to 4.3
feautre/sarif-sbom-upload-components
System recalculated raw risk assessment
System fixed CVE-2024-6232
add/artifact-name-input
System fixed CVE-2024-6232
attest
System fixed CVE-2024-6232
0.11.1
System fixed CVE-2024-6232
examples
System fixed CVE-2024-6232
0.9.0
System fixed CVE-2024-6232
chore/adds-additional-env-flags
System fixed CVE-2024-6232
revert-c7057e5e
System fixed CVE-2024-6232
0.12.0
System fixed CVE-2024-6232
add-jobs-tags
System fixed CVE-2024-6232
fix-attest.yaml
System fixed CVE-2024-6232
feautre/sarif-sbom-upload-components
System fixed CVE-2024-6232
add-first-party-scan-to-gitlap-pipeline
System fixed CVE-2024-6232
0.8.2
System fixed CVE-2024-6232
HEAD
System fixed CVE-2024-6232
update-risk-management-default-value
System fixed CVE-2024-6232
main
System detected CVE-2024-6232 with a risk of 2.15
add/artifact-name-input
System updated the risk assessment from 2.15 to 4.3
update-risk-management-default-value
System recalculated raw risk assessment

Add a comment

Last calculated at:

Affected component

debian/python3.11

Installed version:

3.11.2-6

Fixed in:

no patch available

Show in dependency graph

🛡️ DevGuard
Group
/🧩 DevGuard CI-Components
Repository

CVE-2024-6232

Add a comment

Affected component

Management decisions across the organization