CVE-2024-6232

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.

Fixed
LOW (3.5)
  • T

    Tim Bastin detected CVE-2024-6232 with a risk of 3.45

  • T

    Tim Bastin fixed CVE-2024-6232

  • T

    Tim Bastin detected CVE-2024-6232 with a risk of 3.45

  • logo

    System updated the risk assessment to 1.72

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment to 3.45

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment to 1.72

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 1.72 to 0.86

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 0.86 to 1.72

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 1.72 to 3.45

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 3.45 to 1.72

    System recalculated raw risk assessment

  • logo

    System detected CVE-2024-6232 with scanner: container-scanning github.com/l3montree-dev/devguard/cmd/devguard-scanner/container-scanning github.com/l3montree-dev/devguard/cmd/devguard-scanner/container-scanning

  • logo

    System fixed CVE-2024-6232

  • logo

    System detected CVE-2024-6232 with a risk of 1.72

  • logo

    System removed scanner: container-scanning

  • logo

    System detected CVE-2024-6232 with scanner: container-scanning github.com/l3montree-dev/devguard/cmd/devguard-scanner/container-scanning github.com/l3montree-dev/devguard/cmd/devguard-scanner/container-scanning

  • logo

    System fixed CVE-2024-6232

  • logo

    System detected CVE-2024-6232 with a risk of 1.72

  • T

    Tim Bastin fixed CVE-2024-6232

  • logo

    System updated the risk assessment from 1.72 to 3.45

    System recalculated raw risk assessment

Reopen this vulnerability

You can reopen this vuln, if you plan to mitigate the risk now, or accepted this vuln by accident.

Last calculated at:

Affected component

Logo von deb debian/python3.11

Installed version:
3.11.2-6
Fixed in:
no patch available
Copyright © 2025 L3montree GmbH and the DevGuard Contributors. All rights reserved. Version 667098114b5ef45c7830e7aa599604fa65eb818f