PT-2024-7545 · Python +11 · CPython +11

Alan Coopersmith +1 · Published 2024-09-03 · Updated 2026-05-05 · CVE-2024-6232

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

CPython (affected versions not specified)

Description

The regular expressions used in tarfile.TarFile header parsing are prone to excessive backtracking, which makes them vulnerable to ReDoS via specially crafted tar archives. This can lead to a denial of service. The vulnerability is associated with incorrect syntax analysis of the file header.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Weakness Enumeration

Related Identifiers

ALSA-2024:6975
ALSA-2024:8359
ALSA-2024:8374
ALSA-2024:8446
ALSA-2024:8447
ALSA-2024:8836
ALSA-2024:8838
ALSA-2024:9450
ALSA-2024:9451
ALSA-2024:9468
ALT-PU-2024-13459
ALT-PU-2024-16411
AZL-48552
AZL-48585
AZL-48740
BDU:2024-08943
BIT-LIBPYTHON-2024-6232
BIT-PYTHON-2024-6232
BIT-PYTHON-MIN-2024-6232
CESA-2024_6975
CESA-2024_8359
CESA-2024_8836
CESA-2024_8838
CLEANSTART-2026-BM51903
CLEANSTART-2026-CI66802
CLEANSTART-2026-KM27583
CLEANSTART-2026-WV76464
CVE-2024-6232
DLA-3980-1
DLA-4354-1
INFSA-2024_6975
INFSA-2024_8359
INFSA-2024_8374
INFSA-2024_8446
INFSA-2024_8447
INFSA-2024_8836
INFSA-2024_8838
INFSA-2024_9450
INFSA-2024_9451
INFSA-2024_9468
MGASA-2024-0317
OESA-2024-2190
OESA-2024-2191
OESA-2024-2192
OESA-2024-2193
OPENSUSE-SU-2024:14326-1
OPENSUSE-SU-2024:14327-1
OPENSUSE-SU-2024:14340-1
OPENSUSE-SU-2024:14345-1
OPENSUSE-SU-2024:14346-1
OPENSUSE-SU-2024:14370-1
OPENSUSE-SU-2024:14434-1
OPENSUSE-SU-2024_3303-1
OPENSUSE-SU-2024_3357-1
OPENSUSE-SU-2024_3411-1
OPENSUSE-SU-2024_3418-1
OPENSUSE-SU-2024_3427-1
OPENSUSE-SU-2024_3470-1
OPENSUSE-SU-2025:15713-1
PSF-2024-11
RHSA-2024:6909
RHSA-2024:6975
RHSA-2024:7415
RHSA-2024:7647
RHSA-2024:8130
RHSA-2024:8359
RHSA-2024:8374
RHSA-2024:8446
RHSA-2024:8447
RHSA-2024:8490
RHSA-2024:8504
RHSA-2024:8797
RHSA-2024:8836
RHSA-2024:8838
RHSA-2024:8977
RHSA-2024:9450
RHSA-2024:9451
RHSA-2024:9468
RHSA-2024_6975
RHSA-2024_8359
RHSA-2024_8374
RHSA-2024_8446
RHSA-2024_8447
RHSA-2024_8836
RHSA-2024_8838
RHSA-2024_9450
RHSA-2024_9451
RHSA-2024_9468
RHSA-2025:1750
RLSA-2024:6975
RLSA-2024:8359
RLSA-2024:8374
RLSA-2024:8446
RLSA-2024:8447
RLSA-2024:8836
RLSA-2024:8838
ROSA-SA-2025-2873
SUSE-SU-2024:3303-1
SUSE-SU-2024:3357-1
SUSE-SU-2024:3384-1
SUSE-SU-2024:3411-1
SUSE-SU-2024:3418-1
SUSE-SU-2024:3427-1
SUSE-SU-2024:3430-1
SUSE-SU-2024:3447-1
SUSE-SU-2024:3470-1
SUSE-SU-2024_3357-1
SUSE-SU-2024_3384-1
SUSE-SU-2024_3411-1
SUSE-SU-2024_3418-1
SUSE-SU-2024_3427-1
SUSE-SU-2024_3430-1
SUSE-SU-2024_3447-1
SUSE-SU-2025:20065-1
SUSE-SU-2025:20154-1
SUSE-SU-2025:20374-1
USN-7015-1
USN-7015-2
USN-7015-5
USN-7015-6
USN-7488-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CPython
CentOS
Debian
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu