Bug 2276525 (CVE-2024-0450) - CVE-2024-0450 python: The zipfile module is vulnerable to zip-bombs leading to denial of service
Summary: CVE-2024-0450 python: The zipfile module is vulnerable to zip-bombs leading t...
Keywords:
Status: NEW
Alias: CVE-2024-0450
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2276519
TreeView+ depends on / blocked
 
Reported: 2024-04-22 20:57 UTC by Marco Benatto
Modified: 2024-10-10 13:47 UTC (History)
28 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:3356 0 None None None 2024-05-28 08:27:06 UTC
Red Hat Product Errata RHBA-2024:3357 0 None None None 2024-05-28 08:23:34 UTC
Red Hat Product Errata RHBA-2024:3359 0 None None None 2024-05-28 08:33:11 UTC
Red Hat Product Errata RHBA-2024:3374 0 None None None 2024-05-28 09:28:41 UTC
Red Hat Product Errata RHBA-2024:3384 0 None None None 2024-05-28 09:29:00 UTC
Red Hat Product Errata RHBA-2024:3387 0 None None None 2024-05-28 12:16:31 UTC
Red Hat Product Errata RHBA-2024:3388 0 None None None 2024-05-28 12:17:26 UTC
Red Hat Product Errata RHBA-2024:3394 0 None None None 2024-05-28 12:59:40 UTC
Red Hat Product Errata RHBA-2024:3395 0 None None None 2024-05-28 12:58:17 UTC
Red Hat Product Errata RHBA-2024:3396 0 None None None 2024-05-28 13:00:30 UTC
Red Hat Product Errata RHBA-2024:3446 0 None None None 2024-05-29 07:59:21 UTC
Red Hat Product Errata RHBA-2024:3447 0 None None None 2024-05-29 07:59:14 UTC
Red Hat Product Errata RHBA-2024:3478 0 None None None 2024-05-29 20:03:36 UTC
Red Hat Product Errata RHBA-2024:3548 0 None None None 2024-06-03 11:34:51 UTC
Red Hat Product Errata RHBA-2024:3556 0 None None None 2024-06-03 14:55:40 UTC
Red Hat Product Errata RHBA-2024:4060 0 None None None 2024-06-24 07:35:33 UTC
Red Hat Product Errata RHBA-2024:4089 0 None None None 2024-06-25 09:23:42 UTC
Red Hat Product Errata RHBA-2024:4090 0 None None None 2024-06-25 09:23:55 UTC
Red Hat Product Errata RHBA-2024:4091 0 None None None 2024-06-25 09:25:00 UTC
Red Hat Product Errata RHBA-2024:4111 0 None None None 2024-06-26 01:39:41 UTC
Red Hat Product Errata RHBA-2024:4117 0 None None None 2024-06-26 09:17:57 UTC
Red Hat Product Errata RHBA-2024:4143 0 None None None 2024-06-26 18:56:03 UTC
Red Hat Product Errata RHBA-2024:4168 0 None None None 2024-06-27 14:26:22 UTC
Red Hat Product Errata RHBA-2024:4175 0 None None None 2024-07-01 00:21:37 UTC
Red Hat Product Errata RHBA-2024:4176 0 None None None 2024-07-01 00:26:56 UTC
Red Hat Product Errata RHBA-2024:4177 0 None None None 2024-07-01 00:27:49 UTC
Red Hat Product Errata RHBA-2024:4178 0 None None None 2024-07-01 00:25:57 UTC
Red Hat Product Errata RHBA-2024:4182 0 None None None 2024-07-01 05:09:29 UTC
Red Hat Product Errata RHBA-2024:4183 0 None None None 2024-07-01 05:13:07 UTC
Red Hat Product Errata RHBA-2024:4187 0 None None None 2024-07-01 07:23:49 UTC
Red Hat Product Errata RHBA-2024:4188 0 None None None 2024-07-01 07:35:12 UTC
Red Hat Product Errata RHBA-2024:4189 0 None None None 2024-07-01 07:35:20 UTC
Red Hat Product Errata RHBA-2024:4190 0 None None None 2024-07-01 07:34:58 UTC
Red Hat Product Errata RHBA-2024:4191 0 None None None 2024-07-01 07:34:52 UTC
Red Hat Product Errata RHBA-2024:4192 0 None None None 2024-07-01 07:34:44 UTC
Red Hat Product Errata RHBA-2024:4193 0 None None None 2024-07-01 07:34:37 UTC
Red Hat Product Errata RHBA-2024:4194 0 None None None 2024-07-01 07:34:27 UTC
Red Hat Product Errata RHBA-2024:4202 0 None None None 2024-07-01 12:29:13 UTC
Red Hat Product Errata RHBA-2024:4203 0 None None None 2024-07-01 12:14:36 UTC
Red Hat Product Errata RHBA-2024:4206 0 None None None 2024-07-01 13:09:46 UTC
Red Hat Product Errata RHBA-2024:4218 0 None None None 2024-07-02 11:52:26 UTC
Red Hat Product Errata RHSA-2024:3347 0 None None None 2024-05-23 16:17:07 UTC
Red Hat Product Errata RHSA-2024:3391 0 None None None 2024-05-28 13:02:41 UTC
Red Hat Product Errata RHSA-2024:3466 0 None None None 2024-05-29 13:20:09 UTC
Red Hat Product Errata RHSA-2024:4058 0 None None None 2024-06-24 04:45:18 UTC
Red Hat Product Errata RHSA-2024:4078 0 None None None 2024-06-25 05:39:56 UTC
Red Hat Product Errata RHSA-2024:4243 0 None None None 2024-07-02 15:23:59 UTC
Red Hat Product Errata RHSA-2024:4406 0 None None None 2024-07-09 08:48:49 UTC
Red Hat Product Errata RHSA-2024:4865 0 None None None 2024-07-25 10:41:33 UTC
Red Hat Product Errata RHSA-2024:4871 0 None None None 2024-07-25 14:29:23 UTC

Comment 12 errata-xmlrpc 2024-05-23 16:17:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:3347 https://access.redhat.com/errata/RHSA-2024:3347

Comment 13 errata-xmlrpc 2024-05-28 13:02:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:3391 https://access.redhat.com/errata/RHSA-2024:3391

Comment 14 errata-xmlrpc 2024-05-29 13:20:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:3466 https://access.redhat.com/errata/RHSA-2024:3466

Comment 15 errata-xmlrpc 2024-06-24 04:45:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:4058 https://access.redhat.com/errata/RHSA-2024:4058

Comment 16 errata-xmlrpc 2024-06-25 05:39:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:4078 https://access.redhat.com/errata/RHSA-2024:4078

Comment 17 errata-xmlrpc 2024-07-02 15:23:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:4243 https://access.redhat.com/errata/RHSA-2024:4243

Comment 18 errata-xmlrpc 2024-07-09 08:48:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:4406 https://access.redhat.com/errata/RHSA-2024:4406

Comment 19 errata-xmlrpc 2024-07-25 10:41:30 UTC
This issue has been addressed in the following products:

  Service Interconnect 1.4 for RHEL 9

Via RHSA-2024:4865 https://access.redhat.com/errata/RHSA-2024:4865

Comment 20 errata-xmlrpc 2024-07-25 14:29:20 UTC
This issue has been addressed in the following products:

  Service Interconnect 1 for RHEL 9

Via RHSA-2024:4871 https://access.redhat.com/errata/RHSA-2024:4871


Note You need to log in before you can comment on or make changes to this bug.