CVE-2024-3772

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-3772

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-3772.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-3772

Aliases

GHSA-mr82-8j83-vxmv

Downstream

DEBIAN-CVE-2024-3772

RHSA-2024:3781

SUSE-SU-2025:0310-1

UBUNTU-CVE-2024-3772

USN-7101-1

openSUSE-SU-2024:13869-1

Related

Published

2024-04-15T03:16:07.987Z

Modified

2025-12-11T11:05:20.780726Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string.

References

Affected packages

Git / github.com/samuelcolvin/pydantic

Affected ranges

Type: GIT
Repo: https://github.com/samuelcolvin/pydantic
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8822578619bf8d0bb754b1cf7a2a905b50240d01

Affected versions

V0.*

V0.17

v0.*

v0.0.2

v0.0.3

v0.0.4

v0.0.5

v0.0.6

v0.0.7

v0.0.8

v0.1

v0.10

v0.11

v0.11.1

v0.11.2

v0.12

v0.12.1

v0.13

v0.13.1

v0.14

v0.15

v0.16

v0.16.1

v0.18

v0.18.1

v0.18.2

v0.19

v0.2

v0.2.1

v0.20

v0.20.1

v0.20a1

v0.21

v0.22

v0.23

v0.24

v0.25

v0.26

v0.27

v0.28

v0.29

v0.3

v0.30

v0.30.1

v0.31

v0.31.1

v0.32

v0.4

v0.5

v0.6

v0.6.1

v0.6.2

v0.6.3

v0.6.4

v0.7

v0.7.1

v0.8

v0.9

v0.9.1

v1.*

v1.0

v1.0b1

v1.0b2

v1.1

v1.10.0

v1.10.0a1

v1.10.0a2

v1.10.0b1

v1.10.1

v1.10.10

v1.10.11

v1.10.12

v1.10.2

v1.10.3

v1.10.4

v1.10.5

v1.10.6

v1.10.7

v1.10.8

v1.10.9

v1.10a1

v1.2

v1.3

v1.4

v1.5

v1.5.1

v1.6

v1.6.1

v1.7

v1.7.1

v1.7.2

v1.8

v1.8.1

v1.9.0

v1.9.0a1

v1.9.0a2