130 matches found
Updated python3 packages fix security vulnerabilities
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...
Debian dsa-5759 : idle-python3.11 - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5759 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5759-1 [email protected] https://www.debian.org/securit...
Medium: python3.9
Issue Overview: A defect was discovered in the Python "ssl" module where there is a memory race condition with the ssl.SSLContext methods "certstorestats" and "getcacerts". The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContex...
Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2024-699)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-699 advisory. A defect was discovered in the Python ssl module where there is a memoryrace condition with the ssl.SSLContext methods certstorestats andgetcacerts. The race condition can be triggered if the methods...
CVE-2024-0397
A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time that certificates are...
USN-6928-1: Python vulnerabilities
It was discovered that the Python ssl module contained a memory race condition when handling the APIs to obtain the CA certificates and certificate store statistics. This could possibly result in applications obtaining wrong results, leading to various SSL issues. CVE-2024-0397 It was discovered...
Oracle HTTP Server (July 2024 CPU)
The versions of HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory: - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: SSL Module zlib. The supported version that is affected is...
The vulnerabilities of the functions cert_store_stats() and get_ca_certs() in the SSL module of the Python programming language interpreter (CPython) allow a malicious individual to gain unauthorized access to protected information.
The vulnerability of the certstorestats and getcacerts functions in the SSL module of the Python programming language interpreter CPython is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected...
BIT-PYTHON-2024-0397 Memory race condition in ssl.SSLContext certificate store methods
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...
CVE-2024-0397
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...
CVE-2024-0397
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...
AZL-42784 CVE-2024-0397 affecting package python3 for versions less than 3.12.3-1
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...
CVE-2024-0397
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...
PSF-2024-4
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...
CVE-2024-0397 Memory race condition in ssl.SSLContext certificate store methods
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...
CVE-2024-0397
CVE-2024-0397: A memory race in Python's ssl module between SSLContext.cert_store_stats() and SSLContext.get_ca_certs() can be triggered when certificates are loaded into the SSLContext concurrently with a TLS handshake. The issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5. Upgradi...
CVE-2024-0397 Memory race condition in ssl.SSLContext certificate store methods
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...
CVE-2024-0397
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...
Oracle HTTP Server Multiple Vulnerabilities (January 2024 CPU)
The version of Oracle HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory. - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Third Party curl. Easily exploitable vulnerability allow...
PT-2024-4665 · Python +9 · Python +9
Name of the Vulnerable Software and Affected Versions: Python versions prior to 3.10.14 Python versions prior to 3.11.9 Python versions prior to 3.12.3 Python versions prior to 3.13.0a5 Description: A defect was discovered in the Python “ssl” module where there is a memory race condition with the...