CVE-2024-7592

HIGH7.5EPSS 0.88%

Quadratic complexity parsing cookies with backslashes

發布日:2024/8/19修改日:2025/12/3

也稱為:ALPINE-CVE-2024-7592

描述

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.

受影響套件(8)

Alpine/python3from 0, < 3.10.15-r0
Bitnami/libpythonfrom 0, < 3.8.20, >= 3.9.0, < 3.9.20, >= 3.10.0, < 3.10.15, >= 3.11.0, < 3.11.10, >= 3.12.0, < 3.12.6
Bitnami/pythonfrom 0, < 3.8.20, >= 3.9.0, < 3.9.20, >= 3.10.0, < 3.10.15, >= 3.11.0, < 3.11.10, >= 3.12.0, < 3.12.6
Bitnami/python-minfrom 0, < 3.8.20, >= 3.9.0, < 3.9.20, >= 3.10.0, < 3.10.15, >= 3.11.0, < 3.11.10, >= 3.12.0, < 3.12.6
Debian/pypy3from 0, < 7.3.5+dfsg-2+deb11u5
Debian/python3.11from 0, < 3.11.2-6+deb12u5
Debian/python3.13from 0, < 3.13.0~rc2-1
Debian/python3.9from 0, < 3.9.2-1+deb11u2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

描述

受影響套件(8)

CVSS 分數

參考連結(15)