VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-mmtt-7cs6-5qae

Essentials
Severities (116)
References (54)
Severity details (25)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-mmtt-7cs6-5qae
Aliases	CVE-2024-6232
Summary	There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
Status	Published
Exploitability	0.5
Weighted Severity	6.8
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-1333

Inefficient Regular Expression Complexity

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6232.json
epss	0.00108	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00108	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00108	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00108	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00108	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00108	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00108	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00108	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00108	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00108	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00108	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00108	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00108	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00108	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00108	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00108	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00319	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00427	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00427	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00427	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00427	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00427	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00427	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00427	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00478	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00478	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00478	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00478	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00478	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00478	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00478	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00478	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00478	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00478	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00478	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00478	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00478	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00478	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00478	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00478	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00478	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00478	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00478	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00478	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00622	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00622	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00627	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00627	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00627	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00627	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00627	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00627	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00694	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00694	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00694	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00731	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00731	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00731	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00731	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00731	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00731	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00731	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00776	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00776	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00776	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00809	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00834	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00834	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00834	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00834	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00834	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00834	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00834	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00834	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00834	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00834	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00834	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00834	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00834	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00834	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.00834	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
epss	0.01106	https://api.first.org/data/v1/epss?cve=CVE-2024-6232
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.5	https://github.com/python/cpython/commit/34ddb64d088dd7ccc321f6103d23153256caa5d4
ssvc	Track	https://github.com/python/cpython/commit/34ddb64d088dd7ccc321f6103d23153256caa5d4
cvssv3.1	7.5	https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06
ssvc	Track	https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06
cvssv3.1	7.5	https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4
ssvc	Track	https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4
cvssv3.1	7.5	https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d
ssvc	Track	https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d
cvssv3.1	7.5	https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877
ssvc	Track	https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877
cvssv3.1	7.5	https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf
ssvc	Track	https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf
cvssv3.1	7.5	https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373
ssvc	Track	https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373
cvssv3.1	7.5	https://github.com/python/cpython/issues/121285
ssvc	Track	https://github.com/python/cpython/issues/121285
cvssv3.1	7.5	https://github.com/python/cpython/pull/121286
cvssv3.1	7.5	https://github.com/python/cpython/pull/121286
ssvc	Track	https://github.com/python/cpython/pull/121286
cvssv3.1	7.5	https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/
ssvc	Track	https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2024-6232
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2024-6232

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6232.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-6232
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6232
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06
		https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4
		https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d
		https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877
		https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf
		https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373
		https://github.com/python/cpython/issues/121285
		https://github.com/python/cpython/pull/121286
		https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/
		https://security.netapp.com/advisory/ntap-20241018-0007/
		http://www.openwall.com/lists/oss-security/2024/09/03/5
2309426		https://bugzilla.redhat.com/show_bug.cgi?id=2309426
34ddb64d088dd7ccc321f6103d23153256caa5d4		https://github.com/python/cpython/commit/34ddb64d088dd7ccc321f6103d23153256caa5d4
cpe:2.3:a:python:python::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python::::::::
cpe:2.3:a:python:python:3.13.0:alpha0::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.13.0:alpha0::::::
cpe:2.3:a:python:python:3.13.0:alpha1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.13.0:alpha1::::::
cpe:2.3:a:python:python:3.13.0:alpha2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.13.0:alpha2::::::
cpe:2.3:a:python:python:3.13.0:alpha3::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.13.0:alpha3::::::
cpe:2.3:a:python:python:3.13.0:alpha4::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.13.0:alpha4::::::
cpe:2.3:a:python:python:3.13.0:alpha5::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.13.0:alpha5::::::
cpe:2.3:a:python:python:3.13.0:alpha6::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.13.0:alpha6::::::
cpe:2.3:a:python:python:3.13.0:beta1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.13.0:beta1::::::
cpe:2.3:a:python:python:3.13.0:beta2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.13.0:beta2::::::
cpe:2.3:a:python:python:3.13.0:beta3::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.13.0:beta3::::::
cpe:2.3:a:python:python:3.13.0:beta4::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.13.0:beta4::::::
cpe:2.3:a:python:python:3.13.0:rc1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.13.0:rc1::::::
CVE-2024-6232		https://nvd.nist.gov/vuln/detail/CVE-2024-6232
RHSA-2024:6909		https://access.redhat.com/errata/RHSA-2024:6909
RHSA-2024:6975		https://access.redhat.com/errata/RHSA-2024:6975
RHSA-2024:7415		https://access.redhat.com/errata/RHSA-2024:7415
RHSA-2024:7647		https://access.redhat.com/errata/RHSA-2024:7647
RHSA-2024:8130		https://access.redhat.com/errata/RHSA-2024:8130
RHSA-2024:8359		https://access.redhat.com/errata/RHSA-2024:8359
RHSA-2024:8374		https://access.redhat.com/errata/RHSA-2024:8374
RHSA-2024:8446		https://access.redhat.com/errata/RHSA-2024:8446
RHSA-2024:8447		https://access.redhat.com/errata/RHSA-2024:8447
RHSA-2024:8490		https://access.redhat.com/errata/RHSA-2024:8490
RHSA-2024:8504		https://access.redhat.com/errata/RHSA-2024:8504
RHSA-2024:8797		https://access.redhat.com/errata/RHSA-2024:8797
RHSA-2024:8836		https://access.redhat.com/errata/RHSA-2024:8836
RHSA-2024:8838		https://access.redhat.com/errata/RHSA-2024:8838
RHSA-2024:8977		https://access.redhat.com/errata/RHSA-2024:8977
RHSA-2024:9450		https://access.redhat.com/errata/RHSA-2024:9450
RHSA-2024:9451		https://access.redhat.com/errata/RHSA-2024:9451
RHSA-2024:9468		https://access.redhat.com/errata/RHSA-2024:9468
RHSA-2025:1750		https://access.redhat.com/errata/RHSA-2025:1750
USN-7015-1		https://usn.ubuntu.com/7015-1/
USN-7015-2		https://usn.ubuntu.com/7015-2/
USN-7015-5		https://usn.ubuntu.com/7015-5/
USN-7488-1		https://usn.ubuntu.com/7488-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6232.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/python/cpython/commit/34ddb64d088dd7ccc321f6103d23153256caa5d4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:24:31Z/ Found at https://github.com/python/cpython/commit/34ddb64d088dd7ccc321f6103d23153256caa5d4

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:24:31Z/ Found at https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:24:31Z/ Found at https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:24:31Z/ Found at https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:24:31Z/ Found at https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:24:31Z/ Found at https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:24:31Z/ Found at https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/python/cpython/issues/121285

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:24:31Z/ Found at https://github.com/python/cpython/issues/121285

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/python/cpython/pull/121286

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/python/cpython/pull/121286

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:24:31Z/ Found at https://github.com/python/cpython/pull/121286

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:24:31Z/ Found at https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-6232

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-6232

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.44760
EPSS Score	0.00108
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
2024-09-17T19:11:59.804639+00:00	NVD Importer	Import	https://nvd.nist.gov/vuln/detail/CVE-2024-6232	34.0.1