VDB
DEBIAN-CVE-2024-7592
DEBIAN-CVE-2024-7592
PUBLISHED
CVSS 7.5 HIGH
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | pypy3 | 0, 0 |
| Debian:12 | pypy3 | 7.3.16+dfsg, 7.3.20+dfsg-2, 7.3.20+dfsg-4 |
| Debian:14 | python3.13 | 0, 0 |
| Debian:11 | pypy3 | 0, 7.3.5+dfsg, 7.3.5+dfsg |
| Debian:13 | python3.13 | 0, 0 |
| Debian:11 | python3.9 | 3.9.2-1, 0, * |
| Debian:13 | pypy3 | 0, 0 |
| Debian:12 | python3.11 | 3.11.2-6, 3.11.2-6, 3.11.2-6 |
Exploit Intelligence
- zephyr-crosstool-arm-grype.html (github-poc)
- common.py (github-poc)
- cve_test.go (github-poc)
- cve_test.go (github-poc)
Timeline
- Aug 19, 2024 CVE Published
- Apr 28, 2026 CVE Updated