BIT-libpython-2024-0450

Import Source
https://github.com/bitnami/vulndb/tree/main/data/libpython/BIT-libpython-2024-0450.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-libpython-2024-0450
Aliases
Published
2025-08-11T13:52:36.704Z
Modified
2025-08-11T14:44:41.010661Z
Summary
Quoted zip-bomb protection for zipfile
Details

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.

The zipfile module is vulnerable to “quoted-overlap” zip bombs, which exploit the zip format to build an archive with a very high compression ratio. The fixed versions of CPython make the zipfile module reject zip archives whose entries overlap one another.
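
One way to perform the layout check that the fixed versions add, as an added example that is not CPython's own code: it computes the byte range each member occupies (taking the name and extra-field lengths from the local header, since those may legitimately differ from the central directory's) and reports members whose ranges overlap each other or run into the central directory. Both sample archives are constructed inside the script; the second duplicates a central directory entry so two members claim the same bytes, the minimal form of the overlap described above.

```python
import io
import struct
import zipfile

LOCAL_HEADER = "<4sHHHHHIIIHH"  # fixed 30-byte part of a local file header
LOCAL_HEADER_LEN = struct.calcsize(LOCAL_HEADER)

def entry_span(raw: bytes, info: zipfile.ZipInfo) -> tuple[int, int]:
    """Byte range [start, end) of one member: local header, name, extra field, compressed data.
    Name/extra lengths come from the local header; they may legitimately differ from the directory."""
    start = info.header_offset
    fields = struct.unpack_from(LOCAL_HEADER, raw, start)
    if fields[0] != b"PK\x03\x04":
        raise zipfile.BadZipFile(f"bad local header for {info.filename!r}")
    name_len, extra_len = fields[9], fields[10]
    return start, start + LOCAL_HEADER_LEN + name_len + extra_len + info.compress_size

def find_overlaps(raw: bytes) -> list[tuple[str, str]]:
    """Return (name, name) pairs whose byte ranges overlap; [] means the layout is sane.
    Members are sorted by offset; each is compared with its successor, the last with the directory."""
    with zipfile.ZipFile(io.BytesIO(raw)) as zf:
        spans = sorted((entry_span(raw, info), info.filename) for info in zf.infolist())
    cd_offset = struct.unpack_from("<I", raw, raw.rfind(b"PK\x05\x06") + 16)[0]
    overlaps = [(p_name, name) for ((_, p_end), p_name), ((start, _), name)
                in zip(spans, spans[1:]) if start < p_end]
    if spans and spans[-1][0][1] > cd_offset:
        overlaps.append((spans[-1][1], "central directory"))
    return overlaps

def benign_zip() -> bytes:
    """Constructed sample: two ordinary deflated members laid out back to back."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("a.txt", b"A" * 1000)
        zf.writestr("b.txt", b"B" * 1000)
    return buf.getvalue()

def overlapping_zip() -> bytes:
    """Constructed test vector: a one-member archive whose central directory lists the same
    local entry twice, so two members claim the same bytes (the pattern, not an actual bomb)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("a.txt", b"A" * 1000)
    raw = buf.getvalue()
    eocd = raw.rfind(b"PK\x05\x06")
    cd_size, cd_offset = struct.unpack_from("<II", raw, eocd + 12)
    central_dir = raw[cd_offset:cd_offset + cd_size]
    # end-of-central-directory record: entry counts and directory size doubled, offset unchanged
    new_eocd = raw[eocd:eocd + 8] + struct.pack("<HHII", 2, 2, 2 * cd_size, cd_offset) + raw[eocd + 20:]
    return raw[:cd_offset] + central_dir * 2 + new_eocd
```

Running find_overlaps on an untrusted archive before extraction gives the same rejection on interpreters that still lack the fix; on fixed interpreters ZipFile.open() raises BadZipFile for the overlapped member itself.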

Database specific
{
    "cpes": [
        "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / libpython

Package

Name
libpython
Purl
pkg:bitnami/libpython

Severity

  • 6.2 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected ranges

Type
SEMVER
Events

  • Introduced 0 (unknown introduced version; all previous versions are affected), fixed 3.8.19
  • Introduced 3.9.0, fixed 3.9.19
  • Introduced 3.10.0, fixed 3.10.14
  • Introduced 3.11.0, fixed 3.11.8
  • Introduced 3.12.0, fixed 3.12.2