How severe is CVE-2024-8088?

This vulnerability has a severity rating of HIGH with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2024-8088?

This is classified as CWE-835, which is a common weakness in software security.

CVE-2024-8088 - HIGH Severity | CVSS N/A

Vulnerability Description

There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of "zipfile.Path" like "namelist()", "iterdir()", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.

Related Vulnerabilities

CVE-2018-20784

CRITICAL

CVSS:9.8(Critical)

In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspeci...

CWE-8352018

CVE-2021-42143

CRITICAL

CVSS:9.1(Critical)

An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to ca...

CWE-8352021

CVE-2024-43366

CRITICAL

CVSS:9.1(Critical)

zkvyper is a Vyper compiler. Starting in version 1.3.12 and prior to version 1.5.3, since LLL IR has no Turing-incompletness restrictions, it is compiled to a loop with a much more late exit condition...

CWE-8352024

CVE-2018-8002

HIGH

CVSS:8.8(High)

In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vul...

CWE-8352018

CVE-2023-20020

HIGH

CVSS:8.6(High)

A vulnerability in the Device Management Servlet application of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote att...

CWE-8352023

CVE-2023-20083

HIGH

CVSS:8.6(High)

A vulnerability in ICMPv6 inspection when configured with the Snort 2 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the CP...

CWE-8352023