38 matches found
Azure Linux 3.0 Security Update: python3 (CVE-2024-3219)
The version of python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-3219 advisory. - The socket module provides a pure-Python fallback to the socket.socketpair function for platforms that don't...
EUVD-2012-2186
Malware in sbrugna...
EUVD-2000-0487
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2024-26676
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC. syzbot reported a warning [0] in __unix_gc() wi...
CVE-2025-38236
CVE-2025-38236 concerns a Linux kernel af_unix use-after-free involving consecutive consumed OOB skbs in unix_stream_read_generic(), triggered when OOB data is read but the corresponding skb remains on the recv queue. The root cause is the handling of consumed OOB skbs and the SO_PEEK_OFF path, w...
CVE-2025-38236 af_unix: Don't leave consecutive consumed OOB skbs.
In the Linux kernel, the following vulnerability has been resolved: af_unix: Don't leave consecutive consumed OOB skbs. Jann Horn reported a use-after-free in unix_stream_read_generic(). The following sequences reproduce the issue: $ python3 from socket import * s1, s2 = socketpair(AF_UNIX, SOCK_STREAM)...
curl: `Curl_socketpair()` fallback vulnerable to man-in-the-middle attack
In `Curl_socketpair()` in curl/lib/socketpair.c, if the operating system lacks a native socketpair function, libcurl will create its own pair of sockets. To do this, libcurl first creates a listening socket, then it creates a client socket, which it then connects to the listening socket. During the tim...
Race Condition
Overview: Affected versions of this package are vulnerable to Race Condition when the fallback socketpair implementation is used on platforms that lack native support and the vulnerable function does not properly authenticate the connected sockets. An attacker must be able to predict the address a...
OESA-2024-2193 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
OESA-2024-2191 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
CVE-2024-3219
The “socket” module provides a pure-Python fallback to the socket.socketpair function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection between the two sockets was not verifi...
PT-2024-24457 · Python +1 · Cpython +1
Name of the Vulnerable Software and Affected Versions: CPython versions 3.5 through latest. Description: The issue arises from the "socket" module's pure-Python fallback for the socket.socketpair function on platforms that don't support AF_UNIX, such as Windows. This implementation uses AF_INET or...
SUSE CVE-2024-26676
In the Linux kernel, the following vulnerability has been resolved: af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC. syzbot reported a warning [0] in __unix_gc() with a repro, which creates a socketpair and sends one socket's fd to itself using the peer. socketpair(AF_UNIX, SOCK_STREAM, 0, [3, 4]) = 0...
CVE-2024-26676
In the Linux kernel, the following vulnerability has been resolved: af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC. syzbot reported a warning [0] in __unix_gc() with a repro, which creates a socketpair and sends one socket's fd to itself using the peer. socketpair(AF_UNIX, SOCK_STREAM, 0, [3, 4]) = 0...
CVE-2024-26676 af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC.
In the Linux kernel, the following vulnerability has been resolved: af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC. syzbot reported a warning [0] in __unix_gc() with a repro, which creates a socketpair and sends one socket's fd to itself using the peer. socketpair(AF_UNIX, SOCK_STREAM, 0, [3, 4]) = 0...
SUSE CVE-2010-4249
The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system...
AIX 5.3 TL 12 : socket (IV19178)
When socketpair calls are used on the system, we could see a crash in the socket code path because one of the sockets is in the free list. (C) Tenable Network Security, Inc. The text in the description was extracted from AIX Security Advisory socketadvisory.asc...
AIX 7.1 TL 1 : socket (IV21235)
When socketpair calls are used on the system, we could see a crash in the socket code path because one of the sockets is in the free list. (C) Tenable Network Security, Inc. The text in the description was extracted from AIX Security Advisory socketadvisory.asc...
Code injection
The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list...
CVE-2012-2192
Summary: CVE-2012-2192 affects IBM AIX 5.3, 6.1, 7.1 and VIOS 2.2.1.4-FP-25 SP-02. Vulnerability: socketpair() usage can cause a local denial-of-service (system crash) when a socket remains on the free list, triggering a crash in the socket code path. Root cause: crash tied to how sockets are man...