NVD Vulnerability Detail

CVE-2024-6232

Summary	There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
Publication Date	Sept. 3, 2024, 10:15 p.m.
Registration Date	Sept. 4, 2024, 5 a.m.
Last Update	Nov. 21, 2024, 6:49 p.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	http://www.openwall.com/lists/oss-security/2024/09/03/5
2	https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06	Patch
3	https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4	Patch
4	https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d
5	https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877
6	https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf	Patch
7	https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373	Patch
8	https://github.com/python/cpython/issues/121285	Exploit Issue Tracking Patch
9	https://github.com/python/cpython/pull/121286	Issue Tracking Patch
10	https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/	Vendor Advisory
11	https://security.netapp.com/advisory/ntap-20241018-0007/

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-1333	非効率的な正規表現の複雑さ	https://cwe.mitre.org/data/definitions/1333.html

JVN Vulnerability Information

Python Software Foundation の Python における非効率的な正規表現の複雑さに関する脆弱性

Title	Python Software Foundation の Python における非効率的な正規表現の複雑さに関する脆弱性
Summary	Python Software Foundation の Python には、非効率的な正規表現の複雑さに関する脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダアドバイザリまたはパッチ情報が公開されています。参考情報を参照して適切な対策を実施してください。
Publication Date	Sept. 3, 2024, midnight
Registration Date	Sept. 5, 2024, 12:18 p.m.
Last Update	Dec. 15, 2025, 2:36 p.m.

Affected System

Python Software Foundation

Python 3.12.5 およびそれ以前

Python 3.13.0

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2024-6232	https://www.cve.org/CVERecord?id=CVE-2024-6232
National Vulnerability Database (NVD)
2	CVE-2024-6232	https://nvd.nist.gov/vuln/detail/CVE-2024-6232

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-1333	https://cwe.mitre.org/data/definitions/1333.html

その他

No	Name	URL
JVN
1	JVNVU#99514792	https://jvn.jp/vu/JVNVU99514792/index.html
関連文書
2	github.com (4eaf4891c12589e3c7bdad5f5b076e4c8392dd06)	https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06
3	github.com (743acbe872485dc18df4d8ab2dc7895187f062c4)	https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4
4	github.com (7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d)	https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d
5	github.com (b4225ca91547aa97ed3aca391614afbb255bc877)	https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877
6	github.com (d449caf8a179e3b954268b3a88eb9170be3c8fbf)	https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf
7	github.com (ed3a49ea734ada357ff4442996fd4ae71d253373)	https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373
8	github.com (issues/121285)	https://github.com/python/cpython/issues/121285
9	github.com (pull/121286)	https://github.com/python/cpython/pull/121286
10	mail.python.org (JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY)	https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/

Change Log

No	Changed Details	Date of change
1	[2024年09月05日] 掲載	Sept. 5, 2024, 12:18 p.m.
2	[2025年12月15日] 参考情報：JVN (JVNVU#99514792) を追加	Dec. 15, 2025, 12:13 p.m.