64 matches found
Python Buffer Over-Read Vulnerability (Jul 2024) - Windows
Python is prone to a buffer over-read vulnerability in SSLContext.set_npn_protocols(). SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Python Buffer Over-Read Vulnerability (Jul 2024) - Linux
Python is prone to a buffer over-read vulnerability in SSLContext.set_npn_protocols().
Python Buffer Over-Read Vulnerability (Jul 2024) - Mac OS X
Python is prone to a buffer over-read vulnerability in SSLContext.set_npn_protocols().
SUSE-SU-2024:2479-1 Security update for python3
This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of...
SUSE SLES12 Security Update : python39 (SUSE-SU-2024:2274-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2274-1 advisory. - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in...
SUSE-SU-2024:2274-1 Security update for python39
This update for python39 fixes the following issues: - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447)...
SUSE-SU-2024:2249-1 Security update for python39
This update for python39 fixes the following issues: - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447)...
CVE-2024-5642
A vulnerability was found in Python/CPython that does not disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This issue results in a buffer over-read when NPN is used. See CVE-2024-5535 for OpenSSL for more information...
CVE-2024-5642
CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being...
CVE-2024-5642
CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being...
CVE-2024-5642
CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being...
CVE-2024-5642
CVE-2024-5642 affects CPython 3.9 and earlier where CPython allows an empty list for SSLContext.set_npn_protocols(), an invalid value for the OpenSSL API. The underlying issue is a buffer over-read when NPN is used, related to CVE-2024-5535 (OpenSSL). The vulnerability is characterized as low sev...
CVE-2024-5642 Buffer overread when using an empty list with SSLContext.set_npn_protocols()
CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being...
CVE-2024-5642
CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being...
PSF-2024-6
CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being...
CVE-2024-0397
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...
CVE-2024-0397 Memory race condition in ssl.SSLContext certificate store methods
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...
CVE-2024-0397 Memory race condition in ssl.SSLContext certificate store methods
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...
PSF-2024-4
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...
CVE-2022-23000
The Western Digital My Cloud Web App https://os5.mycloud.com/ uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an "SSL" context instead of "TLS" or specifying stronger validation,...