U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2024-8088 Detail

Description

There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of "zipfile.Path" like "namelist()", "iterdir()", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

Nist CVSS score does not match with CNA score
CNA:  Python Software Foundation
CVSS-B 8.7 HIGH
Vector:  CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
http://www.openwall.com/lists/oss-security/2024/08/22/1 CVE
http://www.openwall.com/lists/oss-security/2024/08/22/4 CVE
http://www.openwall.com/lists/oss-security/2024/08/23/1 CVE
http://www.openwall.com/lists/oss-security/2024/08/23/2 CVE
https://github.com/python/cpython/commit/0aa1ee22ab6e204e9d3d0e9dd63ea648ed691ef1 Python Software Foundation
https://github.com/python/cpython/commit/2231286d78d328c2f575e0b05b16fe447d1656d6 Python Software Foundation
https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e Python Software Foundation
https://github.com/python/cpython/commit/7bc367e464ce50b956dd232c1dfa1cad4e7fb814 Python Software Foundation
https://github.com/python/cpython/commit/7e8883a3f04d308302361aeffc73e0e9837f19d4 Python Software Foundation
https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 Python Software Foundation
https://github.com/python/cpython/commit/95b073bddefa6243effa08e131e297c0383e7f6a Python Software Foundation
https://github.com/python/cpython/commit/962055268ed4f2ca1d717bfc8b6385de50a23ab7 Python Software Foundation
https://github.com/python/cpython/commit/9cd03263100ddb1657826cc4a71470786cab3932 Python Software Foundation
https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea Python Software Foundation
https://github.com/python/cpython/commit/e0264a61119d551658d9445af38323ba94fc16db Python Software Foundation
https://github.com/python/cpython/commit/fc0b8259e693caa8400fa8b6ac1e494e47ea7798 Python Software Foundation
https://github.com/python/cpython/issues/122905 Python Software Foundation
https://github.com/python/cpython/issues/123270 Python Software Foundation
https://github.com/python/cpython/pull/122906 Python Software Foundation
https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html CVE
https://mail.python.org/archives/list/[email protected]/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ Python Software Foundation
https://security.netapp.com/advisory/ntap-20241011-0010/ CVE

Weakness Enumeration

CWE-ID CWE Name Source
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') Python Software Foundation  

Change History

10 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2024-8088
NVD Published Date:
08/22/2024
NVD Last Modified:
04/14/2026
Source:
Python Software Foundation