Intel/CVE-2024-6232
Python
CVE-2024-6232
Python is vulnerable to ReDoS
ReDoS Pre-CVE Published Sep 3, 2024
Found by Aikido Intel before public disclosure or CVE publication.
75
High Risk
This Affects:
PythonAre you affected? Scan for Free
TL;DR
There is a ReDoS vulnerability affecting Python. This could be triggered by having Python open specifically crafted Tar archives.
Who does this affect?
You're running any version of 'Python' up to 3.12.5
Background info
Python is vulnerable to ReDoS in versions < 3.8.20, < 3.9.20, < 3.10.15, < 3.11.10 and < 3.12.6.
How to fix this
Upgrade Python library to patch version.
Links
Fix Commits
github.com/python/cpython/commit/34ddb64d088dd7ccc321f6103d23153256caa5d4https://github.com/python/cpython/commit/34ddb64d088dd7ccc321f6103d23153256caa5d4
github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06
github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4
github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64dhttps://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d
github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877
github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbfhttps://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf
github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373
Other
mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/
openwall.com/lists/oss-security/2024/09/03/5http://www.openwall.com/lists/oss-security/2024/09/03/5
lists.debian.org/debian-lts-announce/2024/12/msg00000.htmlhttps://lists.debian.org/debian-lts-announce/2024/12/msg00000.html
security.netapp.com/advisory/ntap-20241018-0007/https://security.netapp.com/advisory/ntap-20241018-0007/
Are You Affected?
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.
Resources
Industries
Use Cases
Compare
© 2026 Aikido Security BV | BE0792914919
Keizer Karelstraat 15, 9000, Ghent, Belgium
95 Third St, 2nd Fl, San Francisco, CA 94103, US
Unit 6.15 Runway East 18 18 Crucifix Ln, London SE1 3JW UK
Ghent, Belgium | San Francisco, US
SOC 2Compliant
ISO 27001Compliant