VDB

GCVE-110-MAGEIA-2024-96

GCVE-110-MAGEIA-2024-96
Advisory Published
Vulnetix · Advisory published March 28, 2024
The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances. (CVE-2023-6597) The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive. (CVE-2024-0450)

Affected Products

VendorProductVersionsPlatforms
Mageiapython33.10.11-1.2.mga9 (unaffected), 0 (affected), 3.10.11-1.2.mga9 (unaffected), 0 (affected)
Mageiapython0 (affected), 0 (affected), 2.7.18-15.2.mga9 (unaffected), 2.7.18-15.2.mga9 (unaffected)
Mageiaiproute20 (affected), 6.6.0-1.mga9 (unaffected)

Browse GCVE Records

73,053 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›