An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: PSF

Published: 2024-03-19T15:12:07.789Z

Updated: 2024-08-02T15:00:26.971Z

Reserved: 2024-01-11T22:16:41.964Z

Link: CVE-2024-0450

cve-icon Vulnrichment

Updated: 2024-08-02T15:00:16.558Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-03-19T16:15:09.180

Modified: 2024-11-21T08:46:37.017

Link: CVE-2024-0450

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-03-19T00:00:00Z

Links: CVE-2024-0450 - Bugzilla