CVE-2024-3772: Regex Denial of Service in Pydantic

Severity
NVD: 7.5 HIGH
CNA: 5.9
EPSS
0.3% (top 48.52%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 15
Latest update: Nov 12

Description

Regular expression denial of service in Pydantic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (4 packages)

Source     Package             Affected range
CVEListV5  pydantic/pydantic   1.0 to 1.10.13 (+1)
NVD        pydantic/pydantic   2.0 to 2.4.0 (+1)
PyPI       pydantic/pydantic   2.0.0 to 2.4.0 (+1)
Debian     pydantic/pydantic   < 1.10.13-0.1 (+1)

Also affects: Fedora 38

Patches

Vulnerability Details (4)

GHSA
Pydantic regular expression denial of service (2024-04-15)
CVEList
Regular expression denial of service in Pydantic < 2.4.0 (2024-04-15)
OSV
Pydantic regular expression denial of service (2024-04-15)
OSV
CVE-2024-3772: Regular expression denial of service in Pydantic < 2 (2024-04-15)

Vendor Advisories (3)

Ubuntu
Pydantic vulnerability (2024-11-12)
Red Hat
python-pydantic: regular expression denial of service via crafted email string (2024-04-15)
Debian
CVE-2024-3772: pydantic - Regular expression denial of service in Pydantic < 2.4.0, < 1.10.13 allows remote... (2024)