
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
CVE-2024-0450 affects the CPython 'zipfile' module in Python versions up to and including 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18. The vulnerability lets an attacker mount a zip-bomb attack using "quoted-overlap" archives, which exploit the zip format to achieve an extremely high compression ratio (Ubuntu Security, Red Hat Portal).
The vulnerability lies in the zipfile module's handling of overlapping entries in zip archives. The "quoted-overlap" technique exploits the zip format to build zip-bombs whose compression ratio exceeds what DEFLATE can normally reach, by overlapping files inside the zip container. This lets many entries reference a single "kernel" of highly compressed data without storing multiple copies of it (BAM Software).
When exploited, this vulnerability can cause a Denial of Service (DoS) condition by consuming excessive storage during decompression: a maliciously crafted zip file can expand until it fills all available storage space when processed by the vulnerable zipfile module (Red Hat Portal).
The fixed versions of CPython make the zipfile module reject zip archives whose entries overlap. Users should upgrade to the patched versions: Python 3.12.2, 3.11.8, 3.10.14, 3.9.19, or 3.8.19. For systems that cannot be updated immediately, it is recommended to implement additional checks when processing untrusted zip files and to run such operations in resource-constrained containers (Python Security).
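The additional checks recommended above, as an added example that is not CPython's or this database's own code: `overlapping_entries` mirrors the idea behind the fix by reading each local file header and verifying that no entry's compressed data runs into the next entry or into the central directory, and `extract_bounded` counts the bytes actually produced during decompression instead of trusting the declared sizes. The two-file test archive, the 64 MiB budget, and the use of the undocumented `ZipFile.start_dir` attribute are assumptions made for this example.

```python
import io
import struct
import zipfile

LOCAL_HDR = struct.Struct("<4s2B4HL2L2H")  # 30-byte local header; [10]=name len, [11]=extra len
BUDGET = 64 * 1024 * 1024                  # assumed decompression budget for this example

def overlapping_entries(zf: zipfile.ZipFile) -> list[str]:
    """Entries whose compressed data runs past the next local header or the central directory."""
    infos = sorted(zf.infolist(), key=lambda zi: zi.header_offset)
    bad = []
    for i, zi in enumerate(infos):
        # zf.start_dir (undocumented ZipFile attribute) is where the central directory begins
        limit = infos[i + 1].header_offset if i + 1 < len(infos) else zf.start_dir
        zf.fp.seek(zi.header_offset)
        raw = zf.fp.read(LOCAL_HDR.size)
        if len(raw) < LOCAL_HDR.size or raw[:4] != b"PK\x03\x04":
            bad.append(zi.filename)  # offset does not point at a local header at all
            continue
        hdr = LOCAL_HDR.unpack(raw)
        data_start = zi.header_offset + LOCAL_HDR.size + hdr[10] + hdr[11]
        if data_start + zi.compress_size > limit:
            bad.append(zi.filename)
    return bad

def extract_bounded(zf: zipfile.ZipFile, budget: int = BUDGET) -> dict[str, bytes]:
    """Read members counting bytes actually produced (declared sizes are attacker-controlled)."""
    out, used = {}, 0
    for zi in zf.infolist():
        chunks = []
        with zf.open(zi) as f:
            while chunk := f.read(65536):
                used += len(chunk)
                if used > budget:
                    raise zipfile.BadZipFile(f"decompression budget exceeded in {zi.filename!r}")
                chunks.append(chunk)
        out[zi.filename] = b"".join(chunks)
    return out

def fixture(overlap: bool) -> zipfile.ZipFile:
    """Constructed two-file sample; overlap=True points the second central-directory record at offset 0."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("a.txt", b"A" * 4096)
        zf.writestr("b.txt", b"B" * 4096)
    data = bytearray(buf.getvalue())
    if overlap:
        second = data.index(b"PK\x01\x02", data.index(b"PK\x01\x02") + 4)
        struct.pack_into("<L", data, second + 42, 0)  # 'relative offset of local header' field
    return zipfile.ZipFile(io.BytesIO(bytes(data)))
```

The name reported is the entry whose data is overrun by the next claimed header, so on the rewired fixture it is `a.txt`; run both checks before any `extractall` on untrusted input, and keep the container quota as the last line of defence.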
Source: This report was generated using AI