CVE-2024-0397

A defect was discovered in the Python ssl module where there is a memory
race condition with the ssl.SSLContext methods cert_store_stats() and
get_ca_certs(). The race condition can be triggered if the methods are
called at the same time as certificates are loaded into the SSLContext,
such as during the TLS handshake with a certificate directory configured.
This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.
Race Condition
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.4 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
PSFCNA
---
---
CISA-ADPADP
7.4 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Debian logo
Debian Releases
Debian Product
Codename
pypy3
bullseye
ignored
bookworm
no-dsa
bullseye (security)
vulnerable
sid
7.3.19+dfsg-2
fixed
trixie
7.3.19+dfsg-2
fixed
python2.7
bullseye
vulnerable
bookworm
no-dsa
python3.11
bookworm
3.11.2-6+deb12u6
no-dsa
bullseye
ignored
bookworm (security)
3.11.2-6+deb12u3
fixed
python3.12
sid
3.12.10-1
fixed
bookworm
no-dsa
bullseye
ignored
python3.13
trixie
3.13.3-2
fixed
bookworm
no-dsa
bullseye
ignored
sid
3.13.3-4
fixed
python3.9
bullseye
ignored
bookworm
no-dsa
bullseye (security)
3.9.2-1+deb11u3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python2.7
plucky
dne
oracular
dne
noble
dne
mantic
dne
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
trusty
needs-triage
python3.10
plucky
dne
oracular
dne
noble
dne
mantic
dne
jammy
Fixed 3.10.12-1~22.04.5
released
focal
dne
python3.11
plucky
dne
oracular
dne
noble
dne
mantic
ignored
jammy
needs-triage
focal
dne
python3.12
plucky
dne
oracular
not-affected
noble
not-affected
mantic
ignored
jammy
dne
focal
dne
python3.4
plucky
dne
oracular
dne
noble
dne
mantic
dne
jammy
dne
focal
dne
trusty
needs-triage
python3.5
plucky
dne
oracular
dne
noble
dne
mantic
dne
jammy
dne
focal
dne
xenial
not-affected
trusty
not-affected
python3.6
plucky
dne
oracular
dne
noble
dne
mantic
dne
jammy
dne
focal
dne
bionic
needs-triage
python3.7
plucky
dne
oracular
dne
noble
dne
mantic
dne
jammy
dne
focal
dne
bionic
needs-triage
python3.8
plucky
dne
oracular
dne
noble
dne
mantic
dne
jammy
dne
focal
Fixed 3.8.10-0ubuntu1~20.04.11
released
bionic
needs-triage
python3.9
plucky
dne
oracular
dne
noble
dne
mantic
dne
jammy
dne
focal
needs-triage
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2024/06/17/2
https://github.com/python/cpython/commit/01c37f1d0714f5822d34063ca7180b595abf589d
https://github.com/python/cpython/commit/29c97287d205bf2f410f4895ebce3f43b5160524
https://github.com/python/cpython/commit/37324b421b72b7bc9934e27aba85d48d4773002e
https://github.com/python/cpython/commit/542f3272f56f31ed04e74c40635a913fbc12d286
https://github.com/python/cpython/commit/b228655c227b2ca298a8ffac44d14ce3d22f6faa
https://github.com/python/cpython/commit/bce693111bff906ccf9281c22371331aaff766ab
https://github.com/python/cpython/issues/114572
https://github.com/python/cpython/pull/114573
https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/
http://www.openwall.com/lists/oss-security/2024/06/17/2
https://github.com/python/cpython/commit/01c37f1d0714f5822d34063ca7180b595abf589d
https://github.com/python/cpython/commit/29c97287d205bf2f410f4895ebce3f43b5160524
https://github.com/python/cpython/commit/37324b421b72b7bc9934e27aba85d48d4773002e
https://github.com/python/cpython/commit/542f3272f56f31ed04e74c40635a913fbc12d286
https://github.com/python/cpython/commit/b228655c227b2ca298a8ffac44d14ce3d22f6faa
https://github.com/python/cpython/commit/bce693111bff906ccf9281c22371331aaff766ab
https://github.com/python/cpython/issues/114572
https://github.com/python/cpython/pull/114573
https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/
https://security.netapp.com/advisory/ntap-20250411-0006/