VDB

ALPINE-CVE-2024-6232

ALPINE-CVE-2024-6232 PUBLISHED CVSS 7.5 HIGH

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Alpine:v3.21python33.5.2-r6, 3.8.2-r4, 3.8.2-r3
Alpine:v3.20python33.8.2-r3, 3.8.2-r4, 3.8.2-r5
Alpine:v3.24python30
Alpine:v3.23python30, 3.1.3-r0, 3.10.1-r0
Alpine:v3.17python33.7.3-r0, 3.1.3-r0, 3.10.0-r1
Alpine:v3.22python33.3.3-r0, 3.7.2-r0, 0
Alpine:v3.18python33.8.2-r2, 0, 3.1.3-r0
Alpine:v3.19python33.8.1-r0, 3.8.1-r2, 3.8.1-r3

Timeline

  • Sep 3, 2024 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jun 15, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›