CVE-2024-5642

EUVD-2024-46822
CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity because NPN is not widely used and specifying an empty list is likely uncommon in practice (typically a protocol name would be configured).
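A caller-side guard for the condition described above, as an added example that is not part of the original advisory or of CPython's own code. The function names are hypothetical; the check rejects an empty list (and names outside 1..255 bytes, the limit of the one-byte length prefix used in NPN protocol lists) before anything is passed to SSLContext.set_npn_protocols().

```python
import ssl


def encode_protocol_list(protocols):
    """Validate names and return them as one length-prefixed byte string.

    Raises ValueError for an empty list or a name outside 1..255 bytes.
    """
    names = list(protocols)
    if not names:
        # The case from the advisory: "[]" is not a valid protocol list.
        raise ValueError("protocol list must contain at least one name")
    wire = bytearray()
    for name in names:
        if isinstance(name, str):
            raw = name.encode("ascii")
        elif isinstance(name, (bytes, bytearray)):
            raw = bytes(name)
        else:
            raise TypeError("protocol name must be str or bytes: %r" % (name,))
        if not 1 <= len(raw) <= 255:
            raise ValueError("protocol name must be 1..255 bytes: %r" % (name,))
        wire.append(len(raw))  # one-byte length prefix
        wire += raw
    return bytes(wire)


def set_npn_protocols_checked(ctx, protocols):
    """Hypothetical wrapper: validate first, then hand the list to the context.

    Returns True if the list was applied, False if this build has no NPN.
    """
    names = list(protocols)
    encode_protocol_list(names)  # raises before anything reaches OpenSSL
    if not getattr(ssl, "HAS_NPN", False):
        return False
    ctx.set_npn_protocols(names)
    return True
```

On interpreters built without NPN support the wrapper returns False without touching the context, so the same call site works on patched and unpatched versions.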
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
PSF | CNA | 6.5 MEDIUM | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
EPSS Score
Percentile: 40%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
Vendor | Product | Version | Source
python | cpython | 𝑥 < 3.10.0b1 | CNA
Debian Releases
Debian Product | Codename | Version | Status
pypy3 | bookworm | 7.3.11+dfsg-2+deb12u3 | fixed
pypy3 | bullseye | - | ignored
pypy3 | bullseye (security) | - | vulnerable
pypy3 | forky | 7.3.20+dfsg-4 | fixed
pypy3 | sid | 7.3.20+dfsg-4 | fixed
pypy3 | trixie | 7.3.19+dfsg-2 | fixed
python2.7 | bullseye | - | vulnerable
python3.11 | bookworm | 3.11.2-6+deb12u6 | fixed
python3.11 | bookworm (security) | 3.11.2-6+deb12u3 | fixed
python3.11 | bullseye | - | ignored
python3.13 | bullseye | - | ignored
python3.13 | forky | 3.13.11-1 | fixed
python3.13 | sid | 3.13.11-1 | fixed
python3.13 | trixie | 3.13.5-2 | fixed
python3.9 | bullseye | - | vulnerable
python3.9 | bullseye (security) | - | vulnerable
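Ubuntu Releases
Ubuntu Product | Codename | Status
python2.7 | bionic | needs-triage
python2.7 | focal | needs-triage
python2.7 | jammy | needs-triage
python2.7 | mantic | dne
python2.7 | noble | dne
python2.7 | oracular | dne
python2.7 | plucky | dne
python2.7 | questing | dne
python2.7 | trusty | needs-triage
python2.7 | xenial | needs-triage
python3.4 | focal | dne
python3.4 | jammy | dne
python3.4 | mantic | dne
python3.4 | noble | dne
python3.4 | oracular | dne
python3.4 | plucky | dne
python3.4 | questing | dne
python3.4 | trusty | needs-triage
python3.5 | focal | dne
python3.5 | jammy | dne
python3.5 | mantic | dne
python3.5 | noble | dne
python3.5 | oracular | dne
python3.5 | plucky | dne
python3.5 | questing | dne
python3.5 | trusty | needs-triage
python3.5 | xenial | needed
python3.6 | bionic | not-affected
python3.6 | focal | dne
python3.6 | jammy | dne
python3.6 | mantic | dne
python3.6 | noble | dne
python3.6 | oracular | dne
python3.6 | plucky | dne
python3.6 | questing | dne
python3.7 | bionic | not-affected
python3.7 | focal | dne
python3.7 | jammy | dne
python3.7 | mantic | dne
python3.7 | noble | dne
python3.7 | oracular | dne
python3.7 | plucky | dne
python3.7 | questing | dne
python3.8 | bionic | not-affected
python3.8 | focal | not-affected
python3.8 | jammy | dne
python3.8 | mantic | dne
python3.8 | noble | dne
python3.8 | oracular | dne
python3.8 | plucky | dne
python3.8 | questing | dne
python3.9 | focal | needs-triage
python3.9 | jammy | dne
python3.9 | mantic | dne
python3.9 | noble | dne
python3.9 | oracular | dne
python3.9 | plucky | dne
python3.9 | questing | dne
python3.10 | focal | dne
python3.10 | jammy | not-affected
python3.10 | mantic | dne
python3.10 | noble | dne
python3.10 | oracular | dne
python3.10 | plucky | dne
python3.10 | questing | dne
python3.11 | focal | dne
python3.11 | jammy | not-affected
python3.11 | mantic | ignored
python3.11 | noble | dne
python3.11 | oracular | dne
python3.11 | plucky | dne
python3.11 | questing | dne
python3.12 | focal | dne
python3.12 | jammy | dne
python3.12 | mantic | ignored
python3.12 | noble | not-affected
python3.12 | oracular | not-affected
python3.12 | plucky | dne
python3.12 | questing | dne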
openSUSE / SLES Releases
openSUSE Product | Release | Version | Status
libpython3_6m1_0 | suse enterprise desktop 15 SP5 | 3.6.15-150300.10.72.1 | fixed
libpython3_6m1_0 | suse enterprise desktop 15 SP6 | 3.6.15-150300.10.72.1 | fixed
libpython3_6m1_0 | suse enterprise desktop 15 SP7 | 3.6.15-150300.10.72.1 | fixed
libpython3_6m1_0 | suse enterprise sap 15 SP5 | 3.6.15-150300.10.72.1 | fixed
libpython3_6m1_0 | suse enterprise sap 15 SP6 | 3.6.15-150300.10.72.1 | fixed
libpython3_6m1_0 | suse enterprise sap 15 SP7 | 3.6.15-150300.10.72.1 | fixed
libpython3_6m1_0 | suse enterprise server 12 SP3 | 3.6.15-6.112.1 | fixed
libpython3_6m1_0 | suse enterprise server 15 SP3 | 3.6.15-150300.10.72.1 | fixed
libpython3_6m1_0 | suse enterprise server 15 SP4 | 3.6.15-150300.10.72.1 | fixed
libpython3_6m1_0 | suse enterprise server 15 SP5 | 3.6.15-150300.10.72.1 | fixed
libpython3_6m1_0 | suse enterprise server 15 SP6 | 3.6.15-150300.10.72.1 | fixed
libpython3_6m1_0 | suse enterprise server 15 SP7 | 3.6.15-150300.10.72.1 | fixed
libpython3_9-1_0 | suse enterprise sap 15 SP5 | 3.9.19-150300.4.49.1 | fixed
libpython3_9-1_0 | suse enterprise server 15 SP3 | 3.9.19-150300.4.49.1 | fixed
libpython3_9-1_0 | suse enterprise server 15 SP5 | 3.9.19-150300.4.49.1 | fixed
python3 | suse enterprise desktop 15 SP5 | 3.6.15-150300.10.72.1 | fixed
python3 | suse enterprise desktop 15 SP6 | 3.6.15-150300.10.72.1 | fixed
python3 | suse enterprise desktop 15 SP7 | 3.6.15-150300.10.72.1 | fixed
python3 | suse enterprise sap 15 SP5 | 3.6.15-150300.10.72.1 | fixed
python3 | suse enterprise sap 15 SP6 | 3.6.15-150300.10.72.1 | fixed
python3 | suse enterprise sap 15 SP7 | 3.6.15-150300.10.72.1 | fixed
python3 | suse enterprise server 15 SP3 | 3.6.15-150300.10.72.1 | fixed
python3 | suse enterprise server 15 SP4 | 3.6.15-150300.10.72.1 | fixed
python3 | suse enterprise server 15 SP5 | 3.6.15-150300.10.72.1 | fixed
python3 | suse enterprise server 15 SP6 | 3.6.15-150300.10.72.1 | fixed
python3 | suse enterprise server 15 SP7 | 3.6.15-150300.10.72.1 | fixed
python3-base | suse enterprise desktop 15 SP5 | 3.6.15-150300.10.72.1 | fixed
python3-base | suse enterprise desktop 15 SP6 | 3.6.15-150300.10.72.1 | fixed
python3-base | suse enterprise desktop 15 SP7 | 3.6.15-150300.10.72.1 | fixed
python3-base | suse enterprise sap 15 SP5 | 3.6.15-150300.10.72.1 | fixed
python3-base | suse enterprise sap 15 SP6 | 3.6.15-150300.10.72.1 | fixed
python3-base | suse enterprise sap 15 SP7 | 3.6.15-150300.10.72.1 | fixed
python3-base | suse enterprise server 15 SP3 | 3.6.15-150300.10.72.1 | fixed
python3-base | suse enterprise server 15 SP4 | 3.6.15-150300.10.72.1 | fixed
python3-base | suse enterprise server 15 SP5 | 3.6.15-150300.10.72.1 | fixed
python3-base | suse enterprise server 15 SP6 | 3.6.15-150300.10.72.1 | fixed
python3-base | suse enterprise server 15 SP7 | 3.6.15-150300.10.72.1 | fixed
python3-curses | suse enterprise desktop 15 SP5 | 3.6.15-150300.10.72.1 | fixed
python3-curses | suse enterprise desktop 15 SP6 | 3.6.15-150300.10.72.1 | fixed
python3-curses | suse enterprise desktop 15 SP7 | 3.6.15-150300.10.72.1 | fixed
python3-curses | suse enterprise sap 15 SP5 | 3.6.15-150300.10.72.1 | fixed
python3-curses | suse enterprise sap 15 SP6 | 3.6.15-150300.10.72.1 | fixed
python3-curses | suse enterprise sap 15 SP7 | 3.6.15-150300.10.72.1 | fixed
python3-curses | suse enterprise server 15 SP3 | 3.6.15-150300.10.72.1 | fixed
python3-curses | suse enterprise server 15 SP4 | 3.6.15-150300.10.72.1 | fixed
python3-curses | suse enterprise server 15 SP5 | 3.6.15-150300.10.72.1 | fixed
python3-curses | suse enterprise server 15 SP6 | 3.6.15-150300.10.72.1 | fixed
python3-curses | suse enterprise server 15 SP7 | 3.6.15-150300.10.72.1 | fixed
python3-dbm | suse enterprise desktop 15 SP5 | 3.6.15-150300.10.72.1 | fixed
python3-dbm | suse enterprise desktop 15 SP6 | 3.6.15-150300.10.72.1 | fixed
python3-dbm | suse enterprise desktop 15 SP7 | 3.6.15-150300.10.72.1 | fixed
python3-dbm | suse enterprise sap 15 SP5 | 3.6.15-150300.10.72.1 | fixed
python3-dbm | suse enterprise sap 15 SP6 | 3.6.15-150300.10.72.1 | fixed
python3-dbm | suse enterprise sap 15 SP7 | 3.6.15-150300.10.72.1 | fixed
python3-dbm | suse enterprise server 15 SP3 | 3.6.15-150300.10.72.1 | fixed
python3-dbm | suse enterprise server 15 SP4 | 3.6.15-150300.10.72.1 | fixed
python3-dbm | suse enterprise server 15 SP5 | 3.6.15-150300.10.72.1 | fixed
python3-dbm | suse enterprise server 15 SP6 | 3.6.15-150300.10.72.1 | fixed
python3-dbm | suse enterprise server 15 SP7 | 3.6.15-150300.10.72.1 | fixed
python3-devel | suse enterprise desktop 15 SP5 | 3.6.15-150300.10.72.1 | fixed
python3-devel | suse enterprise desktop 15 SP6 | 3.6.15-150300.10.72.1 | fixed
python3-devel | suse enterprise desktop 15 SP7 | 3.6.15-150300.10.72.1 | fixed
python3-devel | suse enterprise sap 15 SP5 | 3.6.15-150300.10.72.1 | fixed
python3-devel | suse enterprise sap 15 SP6 | 3.6.15-150300.10.72.1 | fixed
python3-devel | suse enterprise sap 15 SP7 | 3.6.15-150300.10.72.1 | fixed
python3-devel | suse enterprise server 15 SP3 | 3.6.15-150300.10.72.1 | fixed
python3-devel | suse enterprise server 15 SP4 | 3.6.15-150300.10.72.1 | fixed
python3-devel | suse enterprise server 15 SP5 | 3.6.15-150300.10.72.1 | fixed
python3-devel | suse enterprise server 15 SP6 | 3.6.15-150300.10.72.1 | fixed
python3-devel | suse enterprise server 15 SP7 | 3.6.15-150300.10.72.1 | fixed
python3-idle | suse enterprise desktop 15 SP5 | 3.6.15-150300.10.72.1 | fixed
python3-idle | suse enterprise desktop 15 SP6 | 3.6.15-150300.10.72.1 | fixed
python3-idle | suse enterprise desktop 15 SP7 | 3.6.15-150300.10.72.1 | fixed
python3-idle | suse enterprise sap 15 SP5 | 3.6.15-150300.10.72.1 | fixed
python3-idle | suse enterprise sap 15 SP6 | 3.6.15-150300.10.72.1 | fixed
python3-idle | suse enterprise sap 15 SP7 | 3.6.15-150300.10.72.1 | fixed
python3-idle | suse enterprise server 15 SP3 | 3.6.15-150300.10.72.1 | fixed
python3-idle | suse enterprise server 15 SP4 | 3.6.15-150300.10.72.1 | fixed
python3-idle | suse enterprise server 15 SP5 | 3.6.15-150300.10.72.1 | fixed
python3-idle | suse enterprise server 15 SP6 | 3.6.15-150300.10.72.1 | fixed
python3-idle | suse enterprise server 15 SP7 | 3.6.15-150300.10.72.1 | fixed
python3-tk | suse enterprise desktop 15 SP5 | 3.6.15-150300.10.72.1 | fixed
python3-tk | suse enterprise desktop 15 SP6 | 3.6.15-150300.10.72.1 | fixed
python3-tk | suse enterprise desktop 15 SP7 | 3.6.15-150300.10.72.1 | fixed
python3-tk | suse enterprise sap 15 SP5 | 3.6.15-150300.10.72.1 | fixed
python3-tk | suse enterprise sap 15 SP6 | 3.6.15-150300.10.72.1 | fixed
python3-tk | suse enterprise sap 15 SP7 | 3.6.15-150300.10.72.1 | fixed
python3-tk | suse enterprise server 15 SP3 | 3.6.15-150300.10.72.1 | fixed
python3-tk | suse enterprise server 15 SP4 | 3.6.15-150300.10.72.1 | fixed
python3-tk | suse enterprise server 15 SP5 | 3.6.15-150300.10.72.1 | fixed
python3-tk | suse enterprise server 15 SP6 | 3.6.15-150300.10.72.1 | fixed
python3-tk | suse enterprise server 15 SP7 | 3.6.15-150300.10.72.1 | fixed
python3-tools | suse enterprise server 15 SP3 | 3.6.15-150300.10.72.1 | fixed
python3-tools | suse enterprise server 15 SP4 | 3.6.15-150300.10.72.1 | fixed
python36 | suse enterprise server 12 SP3 | 3.6.15-6.112.1 | fixed
python36-base | suse enterprise server 12 SP3 | 3.6.15-6.112.1 | fixed
python36-curses | suse enterprise server 12 SP3 | 3.6.15-6.112.1 | fixed
python36-dbm | suse enterprise server 12 SP3 | 3.6.15-6.112.1 | fixed
python36-devel | suse enterprise server 12 SP3 | 3.6.15-6.112.1 | fixed
python36-idle | suse enterprise server 12 SP3 | 3.6.15-6.112.1 | fixed
python36-testsuite | suse enterprise server 12 SP3 | 3.6.15-6.112.1 | fixed
python36-tk | suse enterprise server 12 SP3 | 3.6.15-6.112.1 | fixed
python36-tools | suse enterprise server 12 SP3 | 3.6.15-6.112.1 | fixed
python39 | suse enterprise sap 15 SP5 | 3.9.19-150300.4.49.1 | fixed
python39 | suse enterprise server 15 SP3 | 3.9.19-150300.4.49.1 | fixed
python39 | suse enterprise server 15 SP5 | 3.9.19-150300.4.49.1 | fixed
python39-base | suse enterprise sap 15 SP5 | 3.9.19-150300.4.49.1 | fixed
python39-base | suse enterprise server 15 SP3 | 3.9.19-150300.4.49.1 | fixed
python39-base | suse enterprise server 15 SP5 | 3.9.19-150300.4.49.1 | fixed
python39-curses | suse enterprise sap 15 SP5 | 3.9.19-150300.4.49.1 | fixed
python39-curses | suse enterprise server 15 SP3 | 3.9.19-150300.4.49.1 | fixed
python39-curses | suse enterprise server 15 SP5 | 3.9.19-150300.4.49.1 | fixed
python39-dbm | suse enterprise sap 15 SP5 | 3.9.19-150300.4.49.1 | fixed
python39-dbm | suse enterprise server 15 SP3 | 3.9.19-150300.4.49.1 | fixed
python39-dbm | suse enterprise server 15 SP5 | 3.9.19-150300.4.49.1 | fixed
python39-devel | suse enterprise server 15 SP3 | 3.9.19-150300.4.49.1 | fixed
python39-idle | suse enterprise server 15 SP3 | 3.9.19-150300.4.49.1 | fixed
python39-tk | suse enterprise server 15 SP3 | 3.9.19-150300.4.49.1 | fixed
python39-tools | suse enterprise server 15 SP3 | 3.9.19-150300.4.49.1 | fixed
Red Hat Enterprise Linux Releases
Red Hat Product | Release | Version | Status
python-unversioned-command | RHEL 9 | 0:3.9.25-2.el9_7 | fixed
python3 | RHEL 9 | 0:3.9.25-2.el9_7 | fixed
python3-debug | RHEL 9 | 0:3.9.25-2.el9_7 | fixed
python3-devel | RHEL 9 | 0:3.9.25-2.el9_7 | fixed
python3-idle | RHEL 9 | 0:3.9.25-2.el9_7 | fixed
python3-libs | RHEL 9 | 0:3.9.25-2.el9_7 | fixed
python3-test | RHEL 9 | 0:3.9.25-2.el9_7 | fixed
python3-tkinter | RHEL 9 | 0:3.9.25-2.el9_7 | fixed