Fluid Attacks Database

Description

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	python3.9	=3.9.2-1 \|\| =3.9.2-1+deb11u1 \|\| >=0 <3.9.2-1+deb11u2	3.9.2-1+deb11u2
debian 12	python3.11	=3.11.2-6 \|\| =3.11.2-6+deb12u1 \|\| =3.11.2-6+deb12u2 \|\| =3.11.2-6+deb12u3 \|\| >=0 <3.11.2-6+deb12u4	3.11.2-6+deb12u4
alpine v3.21	python3	=3.1.3-r0 \|\| =3.10.0-r0 \|\| =3.10.0-r1 \|\| =3.10.1-r0 \|\| =3.10.2-r0 \|\| =3.10.2-r1 \|\| =3.10.3-r0 \|\| =3.10.3-r1 \|\| =3.10.4-r0 \|\| =3.10.5-r0 \|\| =3.10.5-r1 \|\| =3.10.5-r2 \|\| =3.10.6-r0 \|\| =3.10.6-r1 \|\| =3.10.7-r0 \|\| =3.10.8-r0 \|\| =3.10.8-r1 \|\| =3.10.8-r2 \|\| =3.10.8-r3 \|\| =3.11.0-r0 \|\| =3.11.0-r1 \|\| =3.11.0-r2 \|\| =3.11.1-r0 \|\| =3.11.1-r1 \|\| =3.11.1-r2 \|\| =3.11.1-r3 \|\| =3.11.1-r4 \|\| =3.11.2-r0 \|\| =3.11.3-r0 \|\| =3.11.3-r1 \|\| =3.11.3-r10 \|\| =3.11.3-r11 \|\| =3.11.3-r2 \|\| =3.11.3-r3 \|\| =3.11.3-r4 \|\| =3.11.3-r5 \|\| =3.11.3-r6 \|\| =3.11.3-r7 \|\| =3.11.3-r8 \|\| =3.11.3-r9 \|\| =3.11.4-r0 \|\| =3.11.4-r1 \|\| =3.11.4-r2 \|\| =3.11.4-r3 \|\| =3.11.4-r4 \|\| =3.11.5-r0 \|\| =3.11.6-r0 \|\| =3.11.6-r1 \|\| =3.11.6-r2 \|\| =3.11.7-r0 \|\| =3.11.7-r1 \|\| =3.11.8-r0 \|\| =3.12.2-r0 \|\| =3.12.2-r1 \|\| =3.12.3-r0 \|\| =3.12.3-r1 \|\| =3.12.4-r0 \|\| =3.12.5-r0 \|\| =3.12.5-r1 \|\| =3.2.0-r0 \|\| =3.2.3-r0 \|\| =3.3.0-r0 \|\| =3.3.2-r0 \|\| =3.3.3-r0 \|\| =3.3.4-r0 \|\| =3.4.1-r0 \|\| =3.4.2-r0 \|\| =3.4.2-r1 \|\| =3.4.3-r1 \|\| =3.4.3-r2 \|\| =3.5.0-r0 \|\| =3.5.1-r0 \|\| =3.5.1-r1 \|\| =3.5.1-r2 \|\| =3.5.1-r3 \|\| =3.5.2-r0 \|\| =3.5.2-r1 \|\| =3.5.2-r10 \|\| =3.5.2-r2 \|\| =3.5.2-r3 \|\| =3.5.2-r4 \|\| =3.5.2-r5 \|\| =3.5.2-r6 \|\| =3.5.2-r7 \|\| =3.5.2-r8 \|\| =3.5.2-r9 \|\| =3.6.0-r0 \|\| =3.6.1-r0 \|\| =3.6.1-r1 \|\| =3.6.1-r2 \|\| =3.6.1-r3 \|\| =3.6.1-r4 \|\| =3.6.2-r0 \|\| =3.6.2-r1 \|\| =3.6.2-r2 \|\| =3.6.2-r3 \|\| =3.6.3-r3 \|\| =3.6.3-r4 \|\| =3.6.3-r5 \|\| =3.6.3-r6 \|\| =3.6.3-r7 \|\| =3.6.3-r8 \|\| =3.6.3-r9 \|\| =3.6.4-r0 \|\| =3.6.4-r1 \|\| =3.6.6-r0 \|\| =3.6.6-r1 \|\| =3.6.6-r2 \|\| =3.6.6-r3 \|\| =3.6.7-r0 \|\| =3.6.8-r0 \|\| =3.6.8-r1 \|\| =3.6.8-r2 \|\| =3.7.2-r0 \|\| =3.7.3-r0 \|\| =3.7.3-r1 \|\| =3.7.4-r0 \|\| =3.7.5-r0 \|\| =3.7.5-r1 \|\| =3.8.0-r0 \|\| =3.8.1-r0 \|\| =3.8.1-r1 \|\| =3.8.1-r2 \|\| =3.8.1-r3 \|\| =3.8.2-r0 \|\| =3.8.2-r1 \|\| =3.8.2-r2 \|\| =3.8.2-r3 \|\| =3.8.2-r4 \|\| =3.8.2-r5 \|\| =3.8.2-r6 \|\| =3.8.2-r7 \|\| =3.8.3-r0 \|\| =3.8.4-r0 \|\| =3.8.5-r0 \|\| =3.8.5-r1 \|\| =3.8.5-r2 \|\| =3.8.6-r0 \|\| =3.8.7-r0 \|\| =3.8.7-r1 \|\| =3.8.7-r2 \|\| =3.8.7-r3 \|\| =3.8.8-r0 \|\| =3.9.1-r0 \|\| =3.9.2-r0 \|\| =3.9.4-r0 \|\| =3.9.5-r0 \|\| =3.9.5-r1 \|\| =3.9.6-r0 \|\| =3.9.6-r1 \|\| =3.9.6-r2 \|\| =3.9.7-r2 \|\| =3.9.7-r3 \|\| =3.9.7-r4 \|\| >=0 <3.12.6-r0	3.12.6-r0
debian 12	pypy3	=7.3.11+dfsg-2 \|\| =7.3.11+dfsg-2+deb12u1 \|\| =7.3.11+dfsg-2+deb12u2 \|\| =7.3.11+dfsg-2+deb12u3 \|\| =7.3.12+dfsg-1 \|\| =7.3.12~rc1+dfsg-1 \|\| =7.3.12~rc2+dfsg-1 \|\| =7.3.13+dfsg-1 \|\| =7.3.14+dfsg-1 \|\| =7.3.15+dfsg-1 \|\| =7.3.16+dfsg-1 \|\| =7.3.16+dfsg-2 \|\| =7.3.17+dfsg-1 \|\| =7.3.17+dfsg-2 \|\| =7.3.17+dfsg-3 \|\| =7.3.18+dfsg-1 \|\| =7.3.18+dfsg-2 \|\| =7.3.19+dfsg-1 \|\| =7.3.19+dfsg-2 \|\| =7.3.20+dfsg-1 \|\| =7.3.20+dfsg-2 \|\| =7.3.20+dfsg-3 \|\| =7.3.20+dfsg-4 \|\| =7.3.21+dfsg-1 \|\| =7.3.21+dfsg-2 \|\| =7.3.21+dfsg-3 \|\| =7.3.21+dfsg-4	-
debian 11	python2.7	=2.7.18-10 \|\| =2.7.18-11 \|\| =2.7.18-12 \|\| =2.7.18-13 \|\| =2.7.18-13.1 \|\| =2.7.18-13.1~exp1 \|\| =2.7.18-13.2 \|\| =2.7.18-8 \|\| =2.7.18-8+deb11u1 \|\| =2.7.18-9	-
alpine v3.19	python3	=3.1.3-r0 \|\| =3.10.0-r0 \|\| =3.10.0-r1 \|\| =3.10.1-r0 \|\| =3.10.2-r0 \|\| =3.10.2-r1 \|\| =3.10.3-r0 \|\| =3.10.3-r1 \|\| =3.10.4-r0 \|\| =3.10.5-r0 \|\| =3.10.5-r1 \|\| =3.10.5-r2 \|\| =3.10.6-r0 \|\| =3.10.6-r1 \|\| =3.10.7-r0 \|\| =3.10.8-r0 \|\| =3.10.8-r1 \|\| =3.10.8-r2 \|\| =3.10.8-r3 \|\| =3.11.0-r0 \|\| =3.11.0-r1 \|\| =3.11.0-r2 \|\| =3.11.1-r0 \|\| =3.11.1-r1 \|\| =3.11.1-r2 \|\| =3.11.1-r3 \|\| =3.11.1-r4 \|\| =3.11.2-r0 \|\| =3.11.3-r0 \|\| =3.11.3-r1 \|\| =3.11.3-r10 \|\| =3.11.3-r11 \|\| =3.11.3-r2 \|\| =3.11.3-r3 \|\| =3.11.3-r4 \|\| =3.11.3-r5 \|\| =3.11.3-r6 \|\| =3.11.3-r7 \|\| =3.11.3-r8 \|\| =3.11.3-r9 \|\| =3.11.4-r0 \|\| =3.11.4-r1 \|\| =3.11.4-r2 \|\| =3.11.4-r3 \|\| =3.11.4-r4 \|\| =3.11.5-r0 \|\| =3.11.6-r0 \|\| =3.11.6-r1 \|\| =3.11.8-r0 \|\| =3.11.9-r0 \|\| =3.11.9-r1 \|\| =3.2.0-r0 \|\| =3.2.3-r0 \|\| =3.3.0-r0 \|\| =3.3.2-r0 \|\| =3.3.3-r0 \|\| =3.3.4-r0 \|\| =3.4.1-r0 \|\| =3.4.2-r0 \|\| =3.4.2-r1 \|\| =3.4.3-r1 \|\| =3.4.3-r2 \|\| =3.5.0-r0 \|\| =3.5.1-r0 \|\| =3.5.1-r1 \|\| =3.5.1-r2 \|\| =3.5.1-r3 \|\| =3.5.2-r0 \|\| =3.5.2-r1 \|\| =3.5.2-r10 \|\| =3.5.2-r2 \|\| =3.5.2-r3 \|\| =3.5.2-r4 \|\| =3.5.2-r5 \|\| =3.5.2-r6 \|\| =3.5.2-r7 \|\| =3.5.2-r8 \|\| =3.5.2-r9 \|\| =3.6.0-r0 \|\| =3.6.1-r0 \|\| =3.6.1-r1 \|\| =3.6.1-r2 \|\| =3.6.1-r3 \|\| =3.6.1-r4 \|\| =3.6.2-r0 \|\| =3.6.2-r1 \|\| =3.6.2-r2 \|\| =3.6.2-r3 \|\| =3.6.3-r3 \|\| =3.6.3-r4 \|\| =3.6.3-r5 \|\| =3.6.3-r6 \|\| =3.6.3-r7 \|\| =3.6.3-r8 \|\| =3.6.3-r9 \|\| =3.6.4-r0 \|\| =3.6.4-r1 \|\| =3.6.6-r0 \|\| =3.6.6-r1 \|\| =3.6.6-r2 \|\| =3.6.6-r3 \|\| =3.6.7-r0 \|\| =3.6.8-r0 \|\| =3.6.8-r1 \|\| =3.6.8-r2 \|\| =3.7.2-r0 \|\| =3.7.3-r0 \|\| =3.7.3-r1 \|\| =3.7.4-r0 \|\| =3.7.5-r0 \|\| =3.7.5-r1 \|\| =3.8.0-r0 \|\| =3.8.1-r0 \|\| =3.8.1-r1 \|\| =3.8.1-r2 \|\| =3.8.1-r3 \|\| =3.8.2-r0 \|\| =3.8.2-r1 \|\| =3.8.2-r2 \|\| =3.8.2-r3 \|\| =3.8.2-r4 \|\| =3.8.2-r5 \|\| =3.8.2-r6 \|\| =3.8.2-r7 \|\| =3.8.3-r0 \|\| =3.8.4-r0 \|\| =3.8.5-r0 \|\| =3.8.5-r1 \|\| =3.8.5-r2 \|\| =3.8.6-r0 \|\| =3.8.7-r0 \|\| =3.8.7-r1 \|\| =3.8.7-r2 \|\| =3.8.7-r3 \|\| =3.8.8-r0 \|\| =3.9.1-r0 \|\| =3.9.2-r0 \|\| =3.9.4-r0 \|\| =3.9.5-r0 \|\| =3.9.5-r1 \|\| =3.9.6-r0 \|\| =3.9.6-r1 \|\| =3.9.6-r2 \|\| =3.9.7-r2 \|\| =3.9.7-r3 \|\| =3.9.7-r4 \|\| >=0 <3.11.10-r0	3.11.10-r0
debian 14	pypy3	>=0 <7.3.18+dfsg-1	7.3.18+dfsg-1
alpine v3.17	python3	=3.1.3-r0 \|\| =3.10.0-r0 \|\| =3.10.0-r1 \|\| =3.10.1-r0 \|\| =3.10.10-r0 \|\| =3.10.11-r0 \|\| =3.10.12-r0 \|\| =3.10.13-r0 \|\| =3.10.14-r0 \|\| =3.10.14-r1 \|\| =3.10.14-r2 \|\| =3.10.2-r0 \|\| =3.10.2-r1 \|\| =3.10.3-r0 \|\| =3.10.3-r1 \|\| =3.10.4-r0 \|\| =3.10.5-r0 \|\| =3.10.5-r1 \|\| =3.10.5-r2 \|\| =3.10.6-r0 \|\| =3.10.6-r1 \|\| =3.10.7-r0 \|\| =3.10.8-r0 \|\| =3.10.8-r1 \|\| =3.10.8-r2 \|\| =3.10.8-r3 \|\| =3.10.9-r0 \|\| =3.10.9-r1 \|\| =3.2.0-r0 \|\| =3.2.3-r0 \|\| =3.3.0-r0 \|\| =3.3.2-r0 \|\| =3.3.3-r0 \|\| =3.3.4-r0 \|\| =3.4.1-r0 \|\| =3.4.2-r0 \|\| =3.4.2-r1 \|\| =3.4.3-r1 \|\| =3.4.3-r2 \|\| =3.5.0-r0 \|\| =3.5.1-r0 \|\| =3.5.1-r1 \|\| =3.5.1-r2 \|\| =3.5.1-r3 \|\| =3.5.2-r0 \|\| =3.5.2-r1 \|\| =3.5.2-r10 \|\| =3.5.2-r2 \|\| =3.5.2-r3 \|\| =3.5.2-r4 \|\| =3.5.2-r5 \|\| =3.5.2-r6 \|\| =3.5.2-r7 \|\| =3.5.2-r8 \|\| =3.5.2-r9 \|\| =3.6.0-r0 \|\| =3.6.1-r0 \|\| =3.6.1-r1 \|\| =3.6.1-r2 \|\| =3.6.1-r3 \|\| =3.6.1-r4 \|\| =3.6.2-r0 \|\| =3.6.2-r1 \|\| =3.6.2-r2 \|\| =3.6.2-r3 \|\| =3.6.3-r3 \|\| =3.6.3-r4 \|\| =3.6.3-r5 \|\| =3.6.3-r6 \|\| =3.6.3-r7 \|\| =3.6.3-r8 \|\| =3.6.3-r9 \|\| =3.6.4-r0 \|\| =3.6.4-r1 \|\| =3.6.6-r0 \|\| =3.6.6-r1 \|\| =3.6.6-r2 \|\| =3.6.6-r3 \|\| =3.6.7-r0 \|\| =3.6.8-r0 \|\| =3.6.8-r1 \|\| =3.6.8-r2 \|\| =3.7.2-r0 \|\| =3.7.3-r0 \|\| =3.7.3-r1 \|\| =3.7.4-r0 \|\| =3.7.5-r0 \|\| =3.7.5-r1 \|\| =3.8.0-r0 \|\| =3.8.1-r0 \|\| =3.8.1-r1 \|\| =3.8.1-r2 \|\| =3.8.1-r3 \|\| =3.8.2-r0 \|\| =3.8.2-r1 \|\| =3.8.2-r2 \|\| =3.8.2-r3 \|\| =3.8.2-r4 \|\| =3.8.2-r5 \|\| =3.8.2-r6 \|\| =3.8.2-r7 \|\| =3.8.3-r0 \|\| =3.8.4-r0 \|\| =3.8.5-r0 \|\| =3.8.5-r1 \|\| =3.8.5-r2 \|\| =3.8.6-r0 \|\| =3.8.7-r0 \|\| =3.8.7-r1 \|\| =3.8.7-r2 \|\| =3.8.7-r3 \|\| =3.8.8-r0 \|\| =3.9.1-r0 \|\| =3.9.2-r0 \|\| =3.9.4-r0 \|\| =3.9.5-r0 \|\| =3.9.5-r1 \|\| =3.9.6-r0 \|\| =3.9.6-r1 \|\| =3.9.6-r2 \|\| =3.9.7-r2 \|\| =3.9.7-r3 \|\| =3.9.7-r4 \|\| >=0 <3.10.15-r0	3.10.15-r0
debian 11	pypy3	=7.3.5+dfsg-2 \|\| =7.3.5+dfsg-2+deb11u1 \|\| =7.3.5+dfsg-2+deb11u2 \|\| =7.3.5+dfsg-2+deb11u3 \|\| =7.3.5+dfsg-2+deb11u4 \|\| >=0 <7.3.5+dfsg-2+deb11u5	7.3.5+dfsg-2+deb11u5
debian 13	python3.13	>=0 <3.13.0~rc2-1	3.13.0~rc2-1

1-10 of 30

Aliases

1. CVE-2024-62322. NVD-2024-62323. OSV-DEBIAN-2024-62324. OSV-2024-62325. OSV-ALPINE-2024-62326. SECURITY-TRACKER-CVE-2024-62327. SECURITY-CVE-2024-6232

References

1. https://github.com/bgutowski/CVE-2025-4517-POC-Sudoers

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.