CVE Vulnerabilities

CVE-2024-8088

Loop with Unreachable Exit Condition ('Infinite Loop')

Published: Aug 22, 2024 | Modified: Sep 04, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
5.3 MODERATE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM

There is a HIGH severity vulnerability affecting the CPython zipfile module affecting zipfile.Path. Note that the more common API zipfile.ZipFile class is unaffected.

When iterating over names of entries in a zip archive (for example, methods of zipfile.Path like namelist(), iterdir(), etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.

Weakness

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

Name Vendor Start Version End Version
Red Hat Enterprise Linux 8 RedHat python39:3.9-8100020240826142629.d47b87a4 *
Red Hat Enterprise Linux 8 RedHat python39-devel:3.9-8100020240826142629.d47b87a4 *
Red Hat Enterprise Linux 8 RedHat python3.12-0:3.12.5-2.el8_10 *
Red Hat Enterprise Linux 8 RedHat python3.11-0:3.11.9-7.el8_10 *
Red Hat Enterprise Linux 9 RedHat python3.12-0:3.12.5-2.el9 *
Red Hat Enterprise Linux 9 RedHat python3.11-0:3.11.9-7.el9 *
Red Hat Enterprise Linux 9 RedHat python3.9-0:3.9.19-8.el9 *
Red Hat Enterprise Linux 9 RedHat python3.9-0:3.9.19-8.el9 *
Python3.10 Ubuntu jammy *
Python3.12 Ubuntu noble *
Python3.12 Ubuntu upstream *
Python3.13 Ubuntu upstream *
Python3.4 Ubuntu trusty/esm *
Python3.5 Ubuntu trusty/esm *
Python3.8 Ubuntu focal *

References