Updated: 2025-08-20 02:35:33.91264
Description:
An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip bombs, which exploit the zip format to create a zip bomb with a high compression ratio. The fixed versions of CPython make the zipfile module reject zip archives whose entries overlap.
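The structural signature of a quoted-overlap archive is that the byte range of one entry (its local header plus compressed data) is claimed again by another entry's central-directory record, so the same compressed bytes are counted many times over on extraction. The following is an added example, not CPython's own fix and not code from this record: it derives each entry's byte extent from the central directory and the local header and refuses the archive if any two extents intersect. The function names `entry_extents`, `find_overlaps` and `is_suspicious` are this example's own, and the two-member archive it builds is a constructed benign sample used only to show the clean case; no overlapping archive is built here, the overlap logic is exercised on constructed ranges. It can serve as a pre-check before handing untrusted archives to an interpreter that predates the fixed versions.

```python
"""Stand-alone check for overlapping zip entries (added example; assumes
nothing beyond the standard library)."""
import io
import struct
import zipfile

LOCAL_HEADER_SIZE = 30               # fixed part of a local file header
LOCAL_HEADER_SIG = b"PK\x03\x04"     # local file header signature


def entry_extents(data: bytes):
    """Return [(name, start, end)]: the half-open byte range [start, end)
    covered by each entry's local header, filename, extra field and
    compressed data, in central-directory order."""
    extents = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            start = info.header_offset
            hdr = data[start:start + LOCAL_HEADER_SIZE]
            if len(hdr) != LOCAL_HEADER_SIZE or hdr[:4] != LOCAL_HEADER_SIG:
                raise zipfile.BadZipFile(f"bad local header for {info.filename!r}")
            # Lengths are taken from the local header itself, not the central
            # directory: a crafted archive may make the two disagree.
            fname_len, extra_len = struct.unpack_from("<HH", hdr, 26)
            end = start + LOCAL_HEADER_SIZE + fname_len + extra_len + info.compress_size
            extents.append((info.filename, start, end))
    return extents


def find_overlaps(extents):
    """Return (name_a, name_b) pairs whose byte ranges intersect.

    Only neighbours in start order are compared: if any two ranges overlap,
    some adjacent pair in that order overlaps too, so an empty result means
    the archive has no overlapping entries at all."""
    ordered = sorted(extents, key=lambda e: e[1])
    return [(a[0], b[0]) for a, b in zip(ordered, ordered[1:]) if b[1] < a[2]]


def is_suspicious(data: bytes) -> bool:
    """True if the archive contains overlapping entries and should be refused."""
    return bool(find_overlaps(entry_extents(data)))


def make_benign_zip() -> bytes:
    """Constructed sample: two ordinary deflated members written back to back."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("a.txt", b"A" * 1000)
        zf.writestr("b.txt", b"B" * 1000)
    return buf.getvalue()


if __name__ == "__main__":
    sample = make_benign_zip()
    print(entry_extents(sample))
    print("suspicious:", is_suspicious(sample))
    # Constructed extents only: a second entry claiming bytes inside the first.
    print(find_overlaps([("outer", 0, 500), ("inner", 40, 200)]))
```

The check deliberately ignores data descriptors (the optional trailer after compressed data when general-purpose flag bit 3 is set): leaving them out of an extent can only make a later header start after the computed end, so it never produces a false overlap. For ZIP64 archives `compress_size` is already the 64-bit value reported by `ZipInfo`, so the arithmetic is unchanged.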
Links: NIST, CIRCL, RHEL, Ubuntu

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | MEDIUM | 6.2 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | python3.11 | 3.11.2 | 6.2 | MEDIUM | Released | CLSA-2025:1741126677 | 2025-03-05 21:52:30 | |
| AlmaLinux 9.2 ESU | python3 | 3.9.16 | 6.2 | MEDIUM | Released | CLSA-2024:1734642829 | 2024-12-20 23:15:32 | |
| CentOS 7 ELS | python3 | 3.6.8 | 6.2 | MEDIUM | Ignored | | 2024-05-24 14:19:10 | Ignored due to low severity |
| CentOS 8.4 ELS | python3 | 3.6.8 | 6.2 | MEDIUM | Released | CLSA-2024:1720178532 | 2024-07-05 10:17:10 | |
| CentOS 8.4 ELS | python2 | 2.7.18 | 6.2 | MEDIUM | Released | CLSA-2024:1720178375 | 2024-07-05 10:16:58 | |
| CentOS 8.5 ELS | python2 | 2.7.18 | 6.2 | MEDIUM | Released | CLSA-2024:1720772189 | 2024-07-12 05:08:28 | |
| CentOS 8.5 ELS | python3 | 3.6.8 | 6.2 | MEDIUM | Released | CLSA-2024:1720548691 | 2024-07-09 14:24:54 | |
| CentOS Stream 8 ELS | python2 | 2.7.18 | 6.2 | MEDIUM | Released | CLSA-2024:1723482251 | 2024-08-12 14:28:11 | |
| Ubuntu 16.04 ELS | python3.5 | 3.5.2 | 6.2 | MEDIUM | Released | CLSA-2024:1724260328 | 2024-08-21 14:31:31 | |
| Ubuntu 18.04 ELS | python3.6 | 3.6.9-1 | 6.2 | MEDIUM | Released | CLSA-2024:1724259346 | 2024-08-21 14:31:30 | |