<p>Upgrade <code>Debian:10</code> <code>python2.7</code> to version 2.7.16-2+deb10u4 or higher.</p>

CVE-2024-0450 Affecting python2.7 package, versions <2.7.16-2+deb10u4

Snyk CVSS

NVD CVSS Score is not yet available. When available we recommend using the distro's own rating score.

Threat Intelligence

EPSS 0.04% (13^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-DEBIAN10-PYTHON27-6476553
published 22 Mar 2024
disclosed 19 Mar 2024

Report a new vulnerability Found a mistake?

Introduced: 19 Mar 2024

CVE-2024-0450 Open this link in a new tab

How to fix?

Upgrade Debian:10 python2.7 to version 2.7.16-2+deb10u4 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream python2.7 package and not the python2.7 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.

The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.