Sign In

CVE-2024-8088

ADVISORY - nist

Summary

There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected.

When iterating over names of entries in a zip archive (for example, methods of "zipfile.Path" like "namelist()", "iterdir()", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.

EPSS Score: 0.00143 (0.352)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

ADVISORY - redhat

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in