CVE-2024-3772
Published: 15 April 2024
Summary
CVE-2024-3772 is a medium-severity Inefficient Regular Expression Complexity (CWE-1333) vulnerability in Pydantic Pydantic. Its CVSS base score is 5.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked in the top 48.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-1252
Vulnerability details
Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE-2024-3772 is a ReDoS vulnerability in Pydantic allowing remote attackers to cause denial of service via crafted email input, enabling endpoint DoS through application exploitation.
MITRE ATLAS TechniquesAI
MITRE ATLAS techniques
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.