There is a HIGH severity vulnerability affecting the CPython zipfile module affecting zipfile.Path. Note that the more common API zipfile.ZipFile class is unaffected. When iterating over names of entries in a zip archive (for example, methods of zipfile.Path like namelist(), iterdir(), etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.
Find out more about CVE-2024-8088 from the MITRE-CVE dictionary and NIST NVD
Login may be required to access defects or downloads.
| Product Name | Status | Defect | Fixed | Downloads |
|---|---|---|---|---|
| Linux | ||||
| Wind River Linux LTS 17 | Requires LTSS | -- | -- | -- |
| Wind River Linux 8 | Requires LTSS | -- | -- | -- |
| Wind River Linux 9 | Requires LTSS | -- | -- | -- |
| Wind River Linux 7 | Requires LTSS | -- | -- | -- |
| Wind River Linux LTS 21 | Fixed |
LIN1021-11087 |
10.21.20.24 | -- |
| Wind River Linux LTS 22 | Fixed |
LIN1022-10617 |
10.22.33.19 | -- |
| Wind River Linux LTS 18 | Requires LTSS | -- | -- | -- |
| Wind River Linux LTS 19 | Investigating | -- | -- | -- |
| Wind River Linux CD release | N/A | -- | -- | -- |
| Wind River Linux 6 | Requires LTSS | -- | -- | -- |
| Wind River Linux LTS 23 | Investigating | -- | -- | -- |
| Wind River Linux LTS 24 | Fixed |
LIN1024-3564 |
10.24.33.3 | -- |
| VxWorks | ||||
| VxWorks 7 | Vulnerable | -- | -- | -- |
| VxWorks 6.9 | Not Vulnerable | -- | -- | -- |
| Helix Virtualization Platform Cert Edition | ||||
| Helix Virtualization Platform Cert Edition | Not Vulnerable | -- | -- | -- |
| eLxr | ||||
| eLxr 12 | Fixed | -- | 3.11.2-6+deb12u3 | -- |
| Wind River Studio Cloud Platform | ||||
| Product Name | Status | Defect | Fixed | Downloads |
|---|
