QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2024-8088

Back to search

CVE-2024-8088

Published: Aug 22, 2024

Modified: Nov 3, 2025

PUBLISHED

Description

There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of "zipfile.Path" like "namelist()", "iterdir()", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.

VendorProductVersions

Python Software Foundation

CPython

affected
0 - < 3.8.20
affected
3.9.0 - < 3.9.20
affected
3.10.0 - < 3.10.15
affected
3.11.0 - < 3.11.10
affected
3.12.0 - < 3.12.6

+1 more versions

Weaknesses (CWE)

CWE-835

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now