CVE-2024-0397

EPSS 0.23%
Veröffentlicht 17.06.2024 16:15:10
Zuletzt bearbeitet 11.04.2025 22:15:28
Quelle cna@python.org
Teams Watchlist Login
Unerledigt Login

A defect was discovered in the Python “ssl” module where there is a memory
race condition with the ssl.SSLContext methods “cert_store_stats()” and
“get_ca_certs()”. The race condition can be triggered if the methods are
called at the same time as certificates are loaded into the SSLContext,
such as during the TLS handshake with a certificate directory configured.
This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 14

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellerpython_software_foundation

≫

Produkt cpython

Default Statusunaffected

Version < 3.8.20

Version 0

Status affected

Version < 3.9.20

Version 3.9.0

Status affected

Version < 3.10.14

Version 3.10.0

Status affected

Version < 3.11.9

Version 3.11.0

Status affected

Version < 3.12.3

Version 3.12.0

Status affected

Version < 3.13.0a5

Version 3.13.0a1

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.453

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.4	2.2	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://www.openwall.com/lists/oss-security/2024/06/17/2

https://github.com/python/cpython/commit/01c37f1d0714f5822d34063ca7180b595abf589d

https://github.com/python/cpython/commit/29c97287d205bf2f410f4895ebce3f43b5160524

https://github.com/python/cpython/commit/37324b421b72b7bc9934e27aba85d48d4773002e

https://github.com/python/cpython/commit/542f3272f56f31ed04e74c40635a913fbc12d286

https://github.com/python/cpython/commit/b228655c227b2ca298a8ffac44d14ce3d22f6faa

https://github.com/python/cpython/commit/bce693111bff906ccf9281c22371331aaff766ab

https://github.com/python/cpython/issues/114572

https://github.com/python/cpython/pull/114573

https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/

https://security.netapp.com/advisory/ntap-20250411-0006/

https://nvd.nist.gov/vuln/detail/CVE-2024-0397

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0397

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0397

EUVD