CVE-2024-7592

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-7592
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-7592.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-7592
Aliases
Downstream
Related
Published
2024-08-19T19:06:45.311Z
Modified
2026-05-14T03:52:53.245312425Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Quadratic complexity parsing cookies with backslashes
Details

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module.

When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/7xxx/CVE-2024-7592.json",
    "cwe_ids": [
        "CWE-400"
    ],
    "cna_assigner": "PSF"
}
References

Affected packages

Git / github.com/python/cpython

Affected ranges

Type
GIT
Repo
https://github.com/python/cpython
Events
Introduced
2268289a47c6e3c9a220b53697f9480ec390466f
Fixed
ec610069637d56101896803a70d418a89afe0b4b

Affected versions

v3.*
v3.13.0b1
v3.13.0b2
v3.13.0b3
v3.13.0b4
v3.13.0rc1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-7592.json"