登录 注册
开源 企业版 高校版 私有云 模力方舟 Gitee AI
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
25 Star 1 Fork 14

src-openEuler/python2

代码 Issues 27 Pull Requests 0 Wiki 统计 流水线
服务
Issues
 / 详情

CVE-2024-6232

待办的
CVE和安全问题
openeuler-ci-bot
拥有者
创建于  
2025-01-22 08:10

一、漏洞信息
漏洞编号:CVE-2024-6232
漏洞归属组件:python2
漏洞归属的版本:2.7.18
CVSS V3.0分值:
BaseScore:7.5 High
Vector:CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
漏洞简述:
There is a MEDIUM severity vulnerability affecting CPython.Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
漏洞公开时间:2024-09-03 21:15:05
漏洞创建时间:2025-01-22 08:10:35
漏洞详情参考链接:
https://nvd.nist.gov/vuln/detail/CVE-2024-6232

更多参考(点击展开)
参考来源 参考链接 来源链接
cna.python.org https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06
cna.python.org https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4
cna.python.org https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d
cna.python.org https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877
cna.python.org https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf
cna.python.org https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373
cna.python.org https://github.com/python/cpython/issues/121285
cna.python.org https://github.com/python/cpython/pull/121286
cna.python.org https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/
suse_bugzilla http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-6232 https://bugzilla.suse.com/show_bug.cgi?id=1230227
suse_bugzilla https://www.cve.org/CVERecord?id=CVE-2024-6232 https://bugzilla.suse.com/show_bug.cgi?id=1230227
suse_bugzilla https://github.com/python/cpython/issues/121285 https://bugzilla.suse.com/show_bug.cgi?id=1230227
suse_bugzilla https://github.com/python/cpython/pull/121286 https://bugzilla.suse.com/show_bug.cgi?id=1230227
suse_bugzilla https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://bugzilla.suse.com/show_bug.cgi?id=1230227
suse_bugzilla https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06 https://bugzilla.suse.com/show_bug.cgi?id=1230227
suse_bugzilla https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4 https://bugzilla.suse.com/show_bug.cgi?id=1230227
suse_bugzilla https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf https://bugzilla.suse.com/show_bug.cgi?id=1230227
suse_bugzilla https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373 https://bugzilla.suse.com/show_bug.cgi?id=1230227
suse_bugzilla https://seclists.org/oss-sec/2024/q3/241 https://bugzilla.suse.com/show_bug.cgi?id=1230227
suse_bugzilla https://mail.python.org/mailman3/lists/security-announce.python.org/ https://bugzilla.suse.com/show_bug.cgi?id=1230227
suse_bugzilla https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://bugzilla.suse.com/show_bug.cgi?id=1230227
suse_bugzilla https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d https://bugzilla.suse.com/show_bug.cgi?id=1230227
suse_bugzilla https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877 https://bugzilla.suse.com/show_bug.cgi?id=1230227
redhat_bugzilla https://access.redhat.com/errata/RHSA-2024:6909 https://bugzilla.redhat.com/show_bug.cgi?id=2309426
redhat_bugzilla https://access.redhat.com/errata/RHSA-2024:6975 https://bugzilla.redhat.com/show_bug.cgi?id=2309426
redhat_bugzilla https://access.redhat.com/errata/RHSA-2024:7415 https://bugzilla.redhat.com/show_bug.cgi?id=2309426
redhat_bugzilla https://access.redhat.com/errata/RHSA-2024:7647 https://bugzilla.redhat.com/show_bug.cgi?id=2309426
redhat_bugzilla https://access.redhat.com/errata/RHSA-2024:8130 https://bugzilla.redhat.com/show_bug.cgi?id=2309426
redhat_bugzilla https://access.redhat.com/errata/RHSA-2024:8359 https://bugzilla.redhat.com/show_bug.cgi?id=2309426
redhat_bugzilla https://access.redhat.com/errata/RHSA-2024:8374 https://bugzilla.redhat.com/show_bug.cgi?id=2309426
redhat_bugzilla https://access.redhat.com/errata/RHSA-2024:8447 https://bugzilla.redhat.com/show_bug.cgi?id=2309426
redhat_bugzilla https://access.redhat.com/errata/RHSA-2024:8446 https://bugzilla.redhat.com/show_bug.cgi?id=2309426
redhat_bugzilla https://access.redhat.com/errata/RHSA-2024:8490 https://bugzilla.redhat.com/show_bug.cgi?id=2309426
redhat_bugzilla https://access.redhat.com/errata/RHSA-2024:8504 https://bugzilla.redhat.com/show_bug.cgi?id=2309426
redhat_bugzilla https://access.redhat.com/errata/RHSA-2024:8797 https://bugzilla.redhat.com/show_bug.cgi?id=2309426
redhat_bugzilla https://access.redhat.com/errata/RHSA-2024:8838 https://bugzilla.redhat.com/show_bug.cgi?id=2309426
redhat_bugzilla https://access.redhat.com/errata/RHSA-2024:8836 https://bugzilla.redhat.com/show_bug.cgi?id=2309426
redhat_bugzilla https://access.redhat.com/errata/RHSA-2024:8977 https://bugzilla.redhat.com/show_bug.cgi?id=2309426
redhat_bugzilla https://access.redhat.com/errata/RHSA-2024:9450 https://bugzilla.redhat.com/show_bug.cgi?id=2309426
redhat_bugzilla https://access.redhat.com/errata/RHSA-2024:9451 https://bugzilla.redhat.com/show_bug.cgi?id=2309426
redhat_bugzilla https://access.redhat.com/errata/RHSA-2024:9468 https://bugzilla.redhat.com/show_bug.cgi?id=2309426
ubuntu https://www.cve.org/CVERecord?id=CVE-2024-6232 https://ubuntu.com/security/CVE-2024-6232
ubuntu https://github.com/python/cpython/pull/121286 https://ubuntu.com/security/CVE-2024-6232
ubuntu https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://ubuntu.com/security/CVE-2024-6232
ubuntu https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://ubuntu.com/security/CVE-2024-6232
ubuntu https://launchpad.net/bugs/cve/CVE-2024-6232 https://ubuntu.com/security/CVE-2024-6232
ubuntu https://security-tracker.debian.org/tracker/CVE-2024-6232 https://ubuntu.com/security/CVE-2024-6232
ubuntu https://github.com/python/cpython/issues/121285 https://ubuntu.com/security/CVE-2024-6232
debian https://security-tracker.debian.org/tracker/CVE-2024-6232
oracle https://www.oracle.com/security-alerts/bulletinjan2025.html
anolis https://anas.openanolis.cn/cves/detail/CVE-2024-6232
cve_search https://github.com/python/cpython/pull/121286
cve_search https://github.com/python/cpython/issues/121285
cve_search https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/
cve_search https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06
cve_search https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4
cve_search https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf
cve_search https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373
cve_search https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d
cve_search https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877
mageia http://advisories.mageia.org/MGASA-2024-0317.html

漏洞分析指导链接:
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
漏洞数据来源:
其它
漏洞补丁信息:

详情(点击展开)
影响的包 修复版本 修复补丁 问题引入补丁 来源
https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06 cna.python.org
https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4 cna.python.org
https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d cna.python.org
https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877 cna.python.org
https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf cna.python.org
https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373 cna.python.org
https://github.com/python/cpython/pull/121286 cna.python.org
https://github.com/python/cpython/pull/121286 suse_bugzilla
https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06 suse_bugzilla
https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4 suse_bugzilla
https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf suse_bugzilla
https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373 suse_bugzilla
https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d suse_bugzilla
https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877 suse_bugzilla
https://github.com/python/cpython/pull/121286 ubuntu
https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06 nvd
https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4 nvd
https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf nvd
https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373 nvd
https://github.com/python/cpython/issues/121285 nvd
https://github.com/python/cpython/pull/121286 nvd
https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ nvd
python2.7 https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4 ubuntu

二、漏洞分析结构反馈
影响性分析说明:

openEuler评分:
7.5
Vector:CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
受影响版本排查(受影响/不受影响):
1.master(2.7.18):
2.openEuler-20.03-LTS-SP4:
3.openEuler-22.03-LTS-SP3:
4.openEuler-22.03-LTS-SP4:
5.openEuler-24.03-LTS:
6.openEuler-24.03-LTS-Next:
7.openEuler-24.03-LTS-SP1:

修复是否涉及abi变化(是/否):
1.master(2.7.18):
2.openEuler-20.03-LTS-SP4:
3.openEuler-22.03-LTS-SP3:
4.openEuler-22.03-LTS-SP4:
5.openEuler-24.03-LTS:
6.openEuler-24.03-LTS-Next:
7.openEuler-24.03-LTS-SP1:

原因说明:
1.master(2.7.18):
2.openEuler-20.03-LTS-SP4:
3.openEuler-22.03-LTS-SP3:
4.openEuler-22.03-LTS-SP4:
5.openEuler-24.03-LTS:
6.openEuler-24.03-LTS-Next:
7.openEuler-24.03-LTS-SP1:

评论 (3)

5329419 openeuler ci bot 1632792936
openeuler-ci-bot 创建了CVE和安全问题 3个月前
5329419 openeuler ci bot 1632792936
openeuler-ci-bot 添加了
 
CVE/UNFIXED
标签 3个月前
展开全部操作日志
5329419 openeuler ci bot 1632792936
openeuler-ci-bot 添加了
 
sig/sig-recycle
标签 3个月前
参考网址 关联pr 状态 补丁链接
https://nvd.nist.gov/vuln/detail/CVE-2024-6232NoneNonehttps://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06
https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf
https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373
https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4
https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877
https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d
https://ubuntu.com/security/CVE-2024-6232NoneNonehttps://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06
https://discourse.ubuntu.com/c/project
https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf
https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373
https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4
https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d
https://www.opencve.io/cve/CVE-2024-6232
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2024-6232
https://security-tracker.debian.org/tracker/CVE-2024-6232NoneNonehttps://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06
https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4
https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf
https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373

说明:补丁链接仅供初步排查参考,实际可用性请人工再次确认,补丁下载验证可使用CVE补丁工具
若补丁不准确,烦请在此issue下评论 '/report-patch 参考网址 补丁链接1,补丁链接2' 反馈正确信息,便于我们不断优化工具,不胜感激。
如 /report-patch https://security-tracker.debian.org/tracker/CVE-2021-3997 https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1
5329419 openeuler ci bot 1632792936
openeuler-ci-bot 计划开始日期设置为2025-01-22 3个月前
5329419 openeuler ci bot 1632792936
openeuler-ci-bot 计划截止日期设置为2025-02-21 3个月前
5329419 openeuler ci bot 1632792936
openeuler-ci-bot 优先级设置为主要 3个月前
5329419 openeuler ci bot 1632792936
openeuler-ci-bot 修改了描述 3个月前
5329419 openeuler ci bot 1632792936
openeuler-ci-bot 计划开始日期2025-01-22 修改为2025-01-23 3个月前
5329419 openeuler ci bot 1632792936
openeuler-ci-bot 计划截止日期2025-02-21 修改为2025-02-06 3个月前
5329419 openeuler ci bot 1632792936
openeuler-ci-bot 计划开始日期2025-01-23 修改为2025-02-01 3个月前
5329419 openeuler ci bot 1632792936
openeuler-ci-bot 计划截止日期2025-02-06 修改为2025-02-15 3个月前

登录 后才可以发表评论

状态
负责人
项目
未立项任务
未立项任务
Pull Requests
未关联
未关联
关联的 Pull Requests 被合并后可能会关闭此 issue
预计工期 (小时)
开始日期   -   截止日期
-
置顶选项
不置顶
不置顶
置顶等级:高
置顶等级:中
置顶等级:低
优先级
主要
不指定
严重
主要
次要
不重要
标签
CVE/UNFIXED
sig/sig-recycle
里程碑
未关联里程碑
未关联里程碑
分支
未关联
分支 (9)
标签 (5)
master
openEuler-20.09
openEuler-20.03-LTS
openEuler-20.03-LTS-Next
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
openEuler1.0-base
openEuler1.0
openEuler-20.03-LTS-SP3-release
openEuler-20.03-LTS-SP2-20210624
openEuler-20.09-20200929
openEuler-20.03-LTS-20200606
openEuler-20.03-LTS-tag
参与者(1)
5329419 openeuler ci bot 1632792936
1
https://gitee.com/src-openeuler/python2.git
git@gitee.com:src-openeuler/python2.git
src-openeuler
python2
python2
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
仓库举报
回到顶部