CVE-2024-3219

EPSS 0.05%
Published 29.07.2024 22:15:04
Last modified 02.05.2025 23:15:15
Source cna@python.org
Teams watchlist Login
Open Login

The
 “socket” module provides a pure-Python fallback to the 
socket.socketpair() function for platforms that don’t support AF_UNIX, 
such as Windows. This pure-Python implementation uses AF_INET or 
AF_INET6 to create a local connected pair of sockets. The connection 
between the two sockets was not verified before passing the two sockets 
back to the user, which leaves the server socket vulnerable to a 
connection race from a malicious local peer.

Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.

Affected products Warnungen 0 Metrics 2 CWE 1 References 22

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorPython Software Foundation

≫

Product CPython

Default Statusunaffected

Version < 3.8.20

Version 0

Status affected

Version < 3.9.20

Version 3.9.0

Status affected

Version < 3.10.15

Version 3.10.0

Status affected

Version < 3.11.10

Version 3.11.0

Status affected

Version < 3.12.5

Version 3.12.0

Status affected

Version < 3.13.0rc1

Version 3.13.0a1

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.134

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
cna@python.org	5.1	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

http://www.openwall.com/lists/oss-security/2024/07/29/3

https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20

https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2

https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c

https://github.com/python/cpython/commit/2621a8a40ba4b2c68ca564671b7daa5da80a4508

https://github.com/python/cpython/commit/31302f5fc24eecd693f0c8aaba7c2840b09b594d

https://github.com/python/cpython/commit/3f5d9d12c74787fbf3f5891835c85cc15526c86d

https://github.com/python/cpython/commit/5df322e91a40909e6904bbdbc0c3a6b6a9eead39

https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929

https://github.com/python/cpython/commit/78df1043dbdce5c989600616f9f87b4ee72944e5

https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54

https://github.com/python/cpython/commit/c21a36112a0028d7ac3cf8f480e0dc88dba5922c