CVE-2024-8088

Updated: 2024-08-29 02:52:11.540904

Description:

There is a HIGH severity vulnerability in the "zipfile.Path" class of the CPython "zipfile" module. Note that the more common API, the "zipfile.ZipFile" class, is unaffected. When iterating over the names of entries in a zip archive (for example, via methods of "zipfile.Path" such as "namelist()", "iterdir()", etc.), the process can be put into an infinite loop by a maliciously crafted zip archive. This defect applies both when reading only metadata and when extracting the contents of the zip archive. Programs that do not handle user-controlled zip archives are not affected.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| | Severity | Score |
|---|---|---|
| CVSS Version 2.x | NONE | 0 |
| CVSS Version 3.x | MEDIUM | 5.3 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | python3 | 3.9.16 | 5.3 | MEDIUM | Released | CLSA-2024:1732700855 | 2024-11-27 11:56:29 | |
| CentOS 6 ELS | python | 2.6.6 | 5.3 | MEDIUM | Ignored | | 2024-08-29 12:10:08 | |
| CentOS 7 ELS | python | 2.7.5 | 5.3 | MEDIUM | Ignored | | 2024-08-29 12:10:08 | |
| CentOS 8.4 ELS | python3 | 3.6.8 | 5.3 | MEDIUM | Not Vulnerable | | 2024-09-24 05:39:38 | |
| CentOS 8.4 ELS | python2 | 2.7.18 | 5.3 | MEDIUM | Not Vulnerable | | 2024-09-25 12:31:09 | |
| CentOS 8.5 ELS | python2 | 2.7.18 | 5.3 | MEDIUM | Not Vulnerable | | 2024-09-25 12:31:09 | |
| CentOS 8.5 ELS | python3 | 3.6.8 | 5.3 | MEDIUM | Not Vulnerable | | 2024-09-24 05:39:38 | |
| CentOS Stream 8 ELS | python2 | 2.7.18 | 5.3 | MEDIUM | Not Vulnerable | | 2024-09-25 12:31:09 | |
| CloudLinux 6 ELS | python | 2.6.6 | 5.3 | MEDIUM | Ignored | | 2024-08-29 12:10:09 | |
| CloudLinux 7 ELS | python | 2.7.5 | 5.3 | MEDIUM | Ignored | | 2024-08-29 05:23:12 | |
Total: 11