Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-7592

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.

Published

2024-08-19T19:15:08.180

Last Modified

2025-02-05T21:13:47.837

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-400
Type: Primary
CWE-1333

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	python	python	< 3.8.20	Yes
Application	python	python	< 3.9.20	Yes
Application	python	python	< 3.10.15	Yes
Application	python	python	< 3.11.10	Yes
Application	python	python	< 3.12.6	Yes
Application	python	python	3.13.0	Yes
Application	python	python	3.13.0	Yes
Application	python	python	3.13.0	Yes
Application	python	python	3.13.0	Yes
Application	python	python	3.13.0	Yes
Application	python	python	3.13.0	Yes
Application	python	python	3.13.0	Yes
Application	python	python	3.13.0	Yes
Application	python	python	3.13.0	Yes
Application	python	python	3.13.0	Yes
Application	python	python	3.13.0	Yes
Application	python	python	3.13.0	Yes

References

https://github.com/python/cpython/commit/391e5626e3ee5af267b97e37abc7475732e67621 Patch ([email protected])
https://github.com/python/cpython/commit/44e458357fca05ca0ae2658d62c8c595b048b5ef Patch ([email protected])
https://github.com/python/cpython/commit/a77ab24427a18bff817025adb03ca920dc3f1a06 Patch ([email protected])
https://github.com/python/cpython/commit/b2f11ca7667e4d57c71c1c88b255115f16042d9a Patch ([email protected])
https://github.com/python/cpython/commit/d4ac921a4b081f7f996a5d2b101684b67ba0ed7f Patch ([email protected])
https://github.com/python/cpython/commit/d662e2db2605515a767f88ad48096b8ac623c774 Patch ([email protected])
https://github.com/python/cpython/commit/dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1 Patch ([email protected])
https://github.com/python/cpython/issues/123067 Exploit, Issue Tracking, Patch ([email protected])
https://github.com/python/cpython/pull/123075 Issue Tracking, Patch ([email protected])
https://mail.python.org/archives/list/[email protected]/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ Mailing List ([email protected])
https://security.netapp.com/advisory/ntap-20241018-0006/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)