Products
CPython
- 3.10.14
- 3.11.9
- 3.12.3
- 3.13.0a5
Source
cna@python.org
Tags
CVE-2024-0397 details
Published : June 17, 2024, 4:15 p.m.
Last Modified : June 17, 2024, 6:15 p.m.
Last Modified : June 17, 2024, 6:15 p.m.
Description
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory configured. This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
References
This website uses the NVD API, but is not approved or certified by it.