Denial of Service in Zipp (and Zipfile module of Python’s standard library)

Reported a Denial of Service (infinite loop) vulnerability in the zipp module, which also affects Python’s built-in zipfile module (part of the standard library). The issue is triggered by a crafted ZIP file with malformed paths, leading to infinite loops when using Path operations like iterdir() or joinpath().
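A defensive pre-check for untrusted archives, as an added example (not code from zipp, CPython, or the original report): it screens member names before the archive is handed to `zipfile.Path`. The report does not say which malformed forms trigger the loop, so the rejection rules below are an assumed conservative policy, and `suspicious_names`, `open_checked` and `_build` are hypothetical helper names.

```python
import io
import zipfile


def suspicious_names(zip_bytes):
    """Return (name, reason) pairs for members not in plain relative form.

    Assumed policy, not taken from the report: reject absolute names,
    backslash separators, empty segments ("a//b") and dot segments.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            # A directory entry legitimately ends with exactly one "/".
            body = name[:-1] if name.endswith("/") else name
            parts = body.split("/")
            if name.startswith("/"):
                reason = "leading slash"
            elif "\\" in name:
                reason = "backslash separator"
            elif "" in parts:
                reason = "empty path segment"
            elif "." in parts or ".." in parts:
                reason = "dot segment"
            else:
                continue
            findings.append((name, reason))
    return findings


def open_checked(zip_bytes):
    """Build a zipfile.Path only when every member name passed the policy."""
    bad = suspicious_names(zip_bytes)
    if bad:
        raise ValueError(f"refusing archive, malformed member names: {bad}")
    return zipfile.Path(zipfile.ZipFile(io.BytesIO(zip_bytes)))


def _build(names):
    """Constructed sample archive, built in memory for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"x")
    return buf.getvalue()
```

The check only reads the central directory through `namelist()`, so it never calls the `Path` operations named in the report on an archive it has not accepted.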
