Lucene search

K

GoogleOSV:CVE-2024-0397

HistoryJun 17, 2024 - 4:15 p.m.

CVE-2024-0397

2024-06-1716:15:10

Google

osv.dev

2

python

ssl module

memory race condition

cert store stats

get ca certs

cpython 3.10.14

cpython 3.11.9

cpython 3.12.3

cpython 3.13.0a5

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.1%

A defect was discovered in the Python “ssl” module where there is a memory
race condition with the ssl.SSLContext methods “cert_store_stats()” and
“get_ca_certs()”. The race condition can be triggered if the methods are
called at the same time as certificates are loaded into the SSLContext,
such as during the TLS handshake with a certificate directory configured.
This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.

CPENameOperatorVersion
cpythoneq2.4a3
cpythoneq3.4.2
cpythoneq2.4a2
cpythoneq3.7.0a4
cpythoneq3.5.2
cpythoneq2.7b1
cpythoneq3.1.1rc1
cpythoneq3.2a1
cpythoneq3.0rc3
cpythoneq3.12.0b2

Rows per page:

1-10 of 3941

References

www.openwall.com/lists/oss-security/2024/06/17/2

github.com/python/cpython/commit/01c37f1d0714f5822d34063ca7180b595abf589d

github.com/python/cpython/commit/29c97287d205bf2f410f4895ebce3f43b5160524

github.com/python/cpython/commit/37324b421b72b7bc9934e27aba85d48d4773002e

github.com/python/cpython/commit/542f3272f56f31ed04e74c40635a913fbc12d286

github.com/python/cpython/commit/b228655c227b2ca298a8ffac44d14ce3d22f6faa

github.com/python/cpython/commit/bce693111bff906ccf9281c22371331aaff766ab

github.com/python/cpython/issues/114572

github.com/python/cpython/pull/114573

mail.python.org/archives/list/[email protected]/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.1%

Related for OSV:CVE-2024-0397

openvas3 osv2 debiancve1 cvelist1 cve1 nvd1 ubuntucve1 vulnrichment1