CVE-2024-7592

When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.

References

Affected packages

Git / github.com/python/cpython

Affected ranges

Type: GIT
Repo: https://github.com/python/cpython
Events: Introduced

deaf509e8fc6e0363bd6f26d52ad42f976ec42f2

Fixed

0c47759eee3e170e04a5dae82f12f6b375ae78f7

Fixed

391e5626e3ee5af267b97e37abc7475732e67621

Fixed

39b2f82717a69dde7212bc39b673b0f55c99e6a3

Fixed

44e458357fca05ca0ae2658d62c8c595b048b5ef

Introduced

9cf6752276e6fcfd0c23fdb064ad27f448aaaf75

Fixed

8c3f7946ec848ec16cf28418c0f984ecaa029541

Introduced

0fb18b02c8ad56299d6a2910be0bab8ad601ef24

Fixed

a4a2d2b0d85273f746c3834ce2753e19c898949d

Fixed

a77ab24427a18bff817025adb03ca920dc3f1a06

Fixed

b2f11ca7667e4d57c71c1c88b255115f16042d9a

Fixed

d4ac921a4b081f7f996a5d2b101684b67ba0ed7f

Fixed

d662e2db2605515a767f88ad48096b8ac623c774

Fixed

dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1

Introduced

b494f5935c92951e75597bfe1c8b1f3112fec270

Fixed

ffee63f34445412322a7afc2535731be221cabba

Affected versions

v3.*

v3.10.0

v3.10.1

v3.10.10

v3.10.11

v3.10.12

v3.10.13

v3.10.14

v3.10.2

v3.10.3

v3.10.4

v3.10.5

v3.10.6

v3.10.7

v3.10.8

v3.10.9

v3.11.0

v3.11.1

v3.11.2

v3.11.3

v3.11.4

v3.11.5

v3.11.6

v3.11.7

v3.11.8

v3.11.9

v3.12.0

v3.12.1

v3.12.2

v3.12.3

v3.12.4

v3.12.5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7592.json"