CVE-2024-0397
EUVD-2024-1619317.06.2024, 16:15
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory configured. This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| python_software_foundation | cpython | 𝑥 < 3.8.20 | ADP |
| python_software_foundation | cpython | 3.9.0 ≤ 𝑥 < 3.9.20 | ADP |
| python_software_foundation | cpython | 3.10.0 ≤ 𝑥 < 3.10.14 | ADP |
| python_software_foundation | cpython | 3.11.0 ≤ 𝑥 < 3.11.9 | ADP |
| python_software_foundation | cpython | 3.12.0 ≤ 𝑥 < 3.12.3 | ADP |
| python_software_foundation | cpython | 3.13.0a1 ≤ 𝑥 < 3.13.0a5 | ADP |
Debian Releases
Debian Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| pypy3 |
| ||||||||||||
| python2.7 |
| ||||||||||||
| python3.11 |
| ||||||||||||
| python3.13 |
| ||||||||||||
| python3.9 |
|
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| python2.7 |
| ||||||||||||||||||||
| python3.4 |
| ||||||||||||||||||||
| python3.5 |
| ||||||||||||||||||||
| python3.6 |
| ||||||||||||||||||||
| python3.7 |
| ||||||||||||||||||||
| python3.8 |
| ||||||||||||||||||||
| python3.9 |
| ||||||||||||||||||||
| python3.10 |
| ||||||||||||||||||||
| python3.11 |
| ||||||||||||||||||||
| python3.12 |
|
References