
====================================================================

                                    CERT-Renater

                          Information Note No. 2024/VULN359
_____________________________________________________________________

DATE                : 05/09/2024

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running CPython.

=====================================================================
https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/
_____________________________________________________________________


[CVE-2024-6232] Regular-expression DoS when parsing TarFile headers

Seth Larson
3 Sep 2024 07:30

There is a MEDIUM severity vulnerability affecting CPython.

Regular expressions that allowed excessive backtracking during
tarfile.TarFile header parsing are vulnerable to ReDoS via
specifically-crafted tar archives.

Please see the linked CVE ID for the latest information on affected
versions:

     https://www.cve.org/CVERecord?id=CVE-2024-6232
     https://github.com/python/cpython/pull/121286
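
Until an interpreter with the fix is deployed, header parsing of untrusted archives can be kept out of the serving process. The following is an added example, not code from the advisory or from CPython: it lists an archive in a child interpreter under a wall-clock bound. The names list_tar_bounded and make_sample_tar and the 5-second budget are assumptions, and the sample archive is a constructed, benign one.

```python
# Added example (not CPython's fix): list an untrusted tar archive in a child
# interpreter with a wall-clock bound, so slow header parsing cannot stall the caller.
import io
import json
import subprocess
import sys
import tarfile
import tempfile

# Child program: iterating the archive forces tarfile to parse every header.
_CHILD = (
    "import json, sys, tarfile\n"
    "with tarfile.open(sys.argv[1]) as tf:\n"
    "    print(json.dumps([m.name for m in tf]))\n"
)


def list_tar_bounded(path, timeout_s=5.0):
    """Return member names, or None if parsing fails or exceeds timeout_s (assumed budget)."""
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", _CHILD, path],
            capture_output=True, text=True, timeout=timeout_s,
        )
    except subprocess.TimeoutExpired:
        return None  # the child was killed; treat the archive as hostile
    if proc.returncode != 0:
        return None  # unreadable or malformed archive
    return json.loads(proc.stdout)


def make_sample_tar():
    """Write a constructed, benign archive used only to exercise the wrapper."""
    data = b"hello"
    tmp = tempfile.NamedTemporaryFile(suffix=".tar", delete=False)
    with tarfile.open(fileobj=tmp, mode="w", format=tarfile.PAX_FORMAT) as tf:
        info = tarfile.TarInfo("docs/readme.txt")
        info.size = len(data)
        tf.addfile(info, io.BytesIO(data))
    tmp.close()
    return tmp.name


if __name__ == "__main__":
    print(list_tar_bounded(make_sample_tar()))
```

A None result means the archive should be rejected or quarantined rather than retried in-process.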



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
