Fluid Attacks Database

Description

Pydantic regular expression denial of service Regular expression denial of service in Pydantic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	pydantic	=1.10.13-0.1 \|\| =1.10.14-1 \|\| =1.10.17-1 \|\| =1.10.2-1 \|\| =1.10.4-1 \|\| =1.7.4-1 \|\| =1.8.2-1 \|\| =1.9.0-1 \|\| =2.10.1-1 \|\| =2.10.2-1 \|\| =2.10.3-1 \|\| =2.10.4-1 \|\| =2.10.4-2 \|\| =2.10.5-1 \|\| =2.10.6-1 \|\| =2.10.6-2 \|\| =2.12.0~a1-1 \|\| =2.12.2-1 \|\| =2.12.3-1 \|\| =2.12.3-2 \|\| =2.12.4-1 \|\| =2.12.5-1 \|\| =2.12.5-2 \|\| =2.4.2-1 \|\| =2.4.2-2 \|\| =2.4.2-3 \|\| =2.8.2-1 \|\| =2.9.1-1 \|\| =2.9.1-2 \|\| =2.9.2-1 \|\| =2.9.2-2	-
debian 12	pydantic	=1.10.13-0.1 \|\| =1.10.14-1 \|\| =1.10.17-1 \|\| =1.10.4-1 \|\| =2.10.1-1 \|\| =2.10.2-1 \|\| =2.10.3-1 \|\| =2.10.4-1 \|\| =2.10.4-2 \|\| =2.10.5-1 \|\| =2.10.6-1 \|\| =2.10.6-2 \|\| =2.12.0~a1-1 \|\| =2.12.2-1 \|\| =2.12.3-1 \|\| =2.12.3-2 \|\| =2.12.4-1 \|\| =2.12.5-1 \|\| =2.12.5-2 \|\| =2.4.2-1 \|\| =2.4.2-2 \|\| =2.4.2-3 \|\| =2.8.2-1 \|\| =2.9.1-1 \|\| =2.9.1-2 \|\| =2.9.2-1 \|\| =2.9.2-2	-
debian 13	pydantic	>=0 <1.10.13-0.1	1.10.13-0.1
debian 14	pydantic	>=0 <1.10.13-0.1	1.10.13-0.1
pypi	pydantic	>=2.0.0 <2.4.0 \|\| >=0 <1.10.13	2.4.0, 1.10.13

Aliases

1. CVE-2024-37722. NVD-2024-37723. OSV-DEBIAN-2024-37724. OSV-2024-37725. GCVE-2024-37726. SECURITY-TRACKER-CVE-2024-3772

References

1. https://github.com/pydantic/pydantic/pull/73602. https://github.com/pydantic/pydantic/commit/59d8f38fd6220e3917c53785dbc70317d6f8e6313. https://github.com/pydantic/pydantic/commit/e4393ae6145c4dadff739990bb0116c6dec3441b4. https://lists.fedoraproject.org/archives/list/[email protected]/message/6JBZLMSH4GAZOVBMT2JUO2LXHY7M2ALI