CVE-2024-6232: Regular-expression DoS when parsing TarFile headers

Vendor: Python Software Foundation
Product: CPython
Weakness: CWE-1333
Published: September 3, 2024
Last update: November 3, 2025

What the vulnerability does

01 Description

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions used during tarfile.TarFile header parsing allowed excessive backtracking, making them vulnerable to ReDoS via specially crafted tar archives.

Key dates

02 Disclosure timeline

September 3, 2024: CVE published
November 3, 2025: Record updated