Moderate severityNVD Advisory· Published Apr 15, 2024· Updated Feb 13, 2025
Regular expression denial of service in Pydantic < 2.4.0
CVE-2024-3772
Description
Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pydanticPyPI | >= 2.0.0, < 2.4.0 | 2.4.0 |
pydanticPyPI | < 1.10.13 | 1.10.13 |
Affected products
23- osv-coords22 versionspkg:apk/chainguard/datadog-agentpkg:apk/chainguard/datadog-agent-core-integrationspkg:apk/chainguard/datadog-agent-fakeintakepkg:apk/chainguard/datadog-agent-jmxpkg:apk/chainguard/datadog-agent-oci-compatpkg:apk/chainguard/datadog-agent-s6-overlaypkg:apk/chainguard/datadog-cluster-agentpkg:apk/chainguard/datadog-cluster-agent-oci-compatpkg:apk/chainguard/dogstatsdpkg:apk/wolfi/datadog-agentpkg:apk/wolfi/datadog-agent-core-integrationspkg:apk/wolfi/datadog-agent-fakeintakepkg:apk/wolfi/datadog-agent-jmxpkg:apk/wolfi/datadog-agent-oci-compatpkg:apk/wolfi/datadog-agent-s6-overlaypkg:apk/wolfi/datadog-cluster-agentpkg:apk/wolfi/datadog-cluster-agent-oci-compatpkg:apk/wolfi/dogstatsdpkg:pypi/pydanticpkg:rpm/opensuse/python-pydantic&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/python-pydantic&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4pkg:rpm/suse/python-pydantic&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP6
< 7.54.0-r1+ 21 more
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: < 7.54.0-r1
- (no CPE)range: >= 2.0.0, < 2.4.0
- (no CPE)range: < 1.10.8-150400.9.10.1
- (no CPE)range: < 1.10.8-150400.9.10.1
- (no CPE)range: < 1.10.8-150400.9.10.1
- Range: 2.0
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-mr82-8j83-vxmvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-3772ghsaADVISORY
- github.com/pydantic/pydantic/commit/59d8f38fd6220e3917c53785dbc70317d6f8e631ghsaWEB
- github.com/pydantic/pydantic/commit/e4393ae6145c4dadff739990bb0116c6dec3441bghsaWEB
- github.com/pydantic/pydantic/pull/7360ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JBZLMSH4GAZOVBMT2JUO2LXHY7M2ALIghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JBZLMSH4GAZOVBMT2JUO2LXHY7M2ALI/mitre
News mentions
0No linked articles in our index yet.