CVE-2023-40217 - Vulnerability Details

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Python	Python
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Software Collections Rhel Tus

Configuration 1 [-]

OR	cpe:2.3:a:python:python::::::::
	cpe:2.3:a:python:python::::::::
	cpe:2.3:a:python:python::::::::
	cpe:2.3:a:python:python::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6 Extended Lifecycle Support
python-0:2.6.6-70.el6_10	cpe:/o:redhat:rhel_els:6	RHSA-2023:6290	2023-11-02T00:00:00Z
Red Hat Enterprise Linux 7
python3-0:3.6.8-21.el7_9	cpe:/o:redhat:enterprise_linux:7	RHSA-2023:6823	2023-11-08T00:00:00Z
python-0:2.7.5-94.el7_9	cpe:/o:redhat:enterprise_linux:7	RHSA-2023:6885	2023-11-13T00:00:00Z
Red Hat Enterprise Linux 8
python3.11-0:3.11.2-2.el8_8.2	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:5463	2023-10-05T00:00:00Z
python27:2.7-8080020231004233750.392b0bf1	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:5994	2023-10-23T00:00:00Z
python3-0:3.6.8-51.el8_8.2	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:5997	2023-10-23T00:00:00Z
python39:3.9-8080020230922214114.93c2fc2f	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:5998	2023-10-23T00:00:00Z
python39-devel:3.9-8080020230922214114.93c2fc2f	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:5998	2023-10-23T00:00:00Z
python3-0:3.6.8-51.el8_8.2	cpe:/o:redhat:enterprise_linux:8	RHSA-2023:5997	2023-10-23T00:00:00Z
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
python27:2.7-8010020231004234533.208b345f	cpe:/a:redhat:rhel_e4s:8.1	RHSA-2023:5990	2023-10-23T00:00:00Z
python3-0:3.6.8-15.1.el8_1.2	cpe:/a:redhat:rhel_e4s:8.1	RHSA-2023:5995	2023-10-23T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
python3-0:3.6.8-24.el8_2.2	cpe:/a:redhat:rhel_aus:8.2	RHSA-2023:5528	2023-10-09T00:00:00Z
python27:2.7-8020020231004234409.c9f5743f	cpe:/a:redhat:rhel_aus:8.2	RHSA-2023:5991	2023-10-23T00:00:00Z
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
python3-0:3.6.8-24.el8_2.2	cpe:/a:redhat:rhel_tus:8.2	RHSA-2023:5528	2023-10-09T00:00:00Z
python27:2.7-8020020231004234409.c9f5743f	cpe:/a:redhat:rhel_tus:8.2	RHSA-2023:5991	2023-10-23T00:00:00Z
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
python3-0:3.6.8-24.el8_2.2	cpe:/a:redhat:rhel_e4s:8.2	RHSA-2023:5528	2023-10-09T00:00:00Z
python27:2.7-8020020231004234409.c9f5743f	cpe:/a:redhat:rhel_e4s:8.2	RHSA-2023:5991	2023-10-23T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
python27:2.7-8040020231004234308.7c6da464	cpe:/a:redhat:rhel_aus:8.4	RHSA-2023:5992	2023-10-23T00:00:00Z
python3-0:3.6.8-39.el8_4.3	cpe:/a:redhat:rhel_aus:8.4	RHSA-2023:5996	2023-10-23T00:00:00Z
python39:3.9-8040020230922214438.63cd9eba	cpe:/a:redhat:rhel_aus:8.4	RHSA-2023:6069	2023-10-24T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
python27:2.7-8040020231004234308.7c6da464	cpe:/a:redhat:rhel_tus:8.4	RHSA-2023:5992	2023-10-23T00:00:00Z
python3-0:3.6.8-39.el8_4.3	cpe:/a:redhat:rhel_tus:8.4	RHSA-2023:5996	2023-10-23T00:00:00Z
python39:3.9-8040020230922214438.63cd9eba	cpe:/a:redhat:rhel_tus:8.4	RHSA-2023:6069	2023-10-24T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
python27:2.7-8040020231004234308.7c6da464	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2023:5992	2023-10-23T00:00:00Z
python3-0:3.6.8-39.el8_4.3	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2023:5996	2023-10-23T00:00:00Z
python39:3.9-8040020230922214438.63cd9eba	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2023:6069	2023-10-24T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
python3-0:3.6.8-47.el8_6.2	cpe:/a:redhat:rhel_eus:8.6	RHSA-2023:5531	2023-10-09T00:00:00Z
python27:2.7-8060020231004234102.2aa69ce4	cpe:/a:redhat:rhel_eus:8.6	RHSA-2023:5993	2023-10-23T00:00:00Z
python39:3.9-8060020230922214243.6a631399	cpe:/a:redhat:rhel_eus:8.6	RHSA-2023:6068	2023-10-24T00:00:00Z
python39-devel:3.9-8060020230922214243.6a631399	cpe:/a:redhat:rhel_eus:8.6	RHSA-2023:6068	2023-10-24T00:00:00Z
Red Hat Enterprise Linux 9
python3.11-0:3.11.2-2.el9_2.2	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:5456	2023-10-05T00:00:00Z
python3.9-0:3.9.16-1.el9_2.2	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:5462	2023-10-05T00:00:00Z
python3.9-0:3.9.16-1.el9_2.2	cpe:/o:redhat:enterprise_linux:9	RHSA-2023:5462	2023-10-05T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
python3.9-0:3.9.10-4.el9_0.2	cpe:/a:redhat:rhel_eus:9.0	RHSA-2023:5472	2023-10-05T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7
rh-python38-python-0:3.8.18-2.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2023:6793	2023-11-08T00:00:00Z

References

Link	Providers
https://github.com/python/cpython/issues/108310
https://github.com/python/cpython/pull/108315
https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html
https://mail.python.org/archives/list/security-announce%40python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/
https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/
https://nvd.nist.gov/vuln/detail/CVE-2023-40217
https://security.netapp.com/advisory/ntap-20231006-0014/
https://www.cve.org/CVERecord?id=CVE-2023-40217
https://www.python.org/dev/security/

History

Wed, 02 Oct 2024 17:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-08-25T00:00:00

Updated: 2024-10-02T16:32:08.930Z

Reserved: 2023-08-10T00:00:00

Link: CVE-2023-40217

Vulnrichment

Updated: 2024-08-02T18:24:55.789Z

NVD

Status : Modified

Published: 2023-08-25T01:15:09.017

Modified: 2024-11-21T08:19:01.303

Link: CVE-2023-40217

Redhat

Severity : Important

Publid Date: 2023-08-25T00:00:00Z

Links: CVE-2023-40217 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-40217", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-10-02T16:32:08.930Z", "dateReserved": "2023-08-10T00:00:00", "datePublished": "2023-08-25T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-11T22:06:19.810772"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as \"not connected\" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)"}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.python.org/dev/security/"}, {"url": "https://mail.python.org/archives/list/security-announce%40python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/"}, {"name": "[debian-lts-announce] 20230920 [SECURITY] [DLA 3575-1] python2.7 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html"}, {"url": "https://security.netapp.com/advisory/ntap-20231006-0014/"}, {"name": "[debian-lts-announce] 20231011 [SECURITY] [DLA 3614-1] python3.7 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:24:55.789Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.python.org/dev/security/", "tags": ["x_transferred"]}, {"url": "https://mail.python.org/archives/list/security-announce%40python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20230920 [SECURITY] [DLA 3575-1] python2.7 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html"}, {"url": "https://security.netapp.com/advisory/ntap-20231006-0014/", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20231011 [SECURITY] [DLA 3614-1] python3.7 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-02T16:31:39.875777Z", "id": "CVE-2023-40217", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T16:32:08.930Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.python.org/dev/security/", "tags": ["x_transferred"]}, {"url": "https://mail.python.org/archives/list/security-announce%40python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html", "name": "[debian-lts-announce] 20230920 [SECURITY] [DLA 3575-1] python2.7 security update", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20231006-0014/", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html", "name": "[debian-lts-announce] 20231011 [SECURITY] [DLA 3614-1] python3.7 security update", "tags": ["mailing-list", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:24:55.789Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-40217", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-02T16:31:39.875777Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T16:32:02.210Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.python.org/dev/security/"}, {"url": "https://mail.python.org/archives/list/security-announce%40python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html", "name": "[debian-lts-announce] 20230920 [SECURITY] [DLA 3575-1] python2.7 security update", "tags": ["mailing-list"]}, {"url": "https://security.netapp.com/advisory/ntap-20231006-0014/"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html", "name": "[debian-lts-announce] 20231011 [SECURITY] [DLA 3614-1] python3.7 security update", "tags": ["mailing-list"]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as \"not connected\" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-11T22:06:19.810772"}}}, "cveMetadata": {"cveId": "CVE-2023-40217", "state": "PUBLISHED", "dateUpdated": "2024-10-02T16:32:08.930Z", "dateReserved": "2023-08-10T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-08-25T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "57315FC0-A50B-4677-9186-FD04F046419C", "versionEndExcluding": "3.8.18", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "9AEA72AE-65B5-4685-BB0C-5E077D4BFA6C", "versionEndExcluding": "3.9.18", "versionStartIncluding": "3.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "23CCE2C2-CC19-4C91-A173-B583E598FAFD", "versionEndExcluding": "3.10.13", "versionStartIncluding": "3.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "2EE37B61-ADAD-4F98-B732-DEBC5BECBC55", "versionEndExcluding": "3.11.5", "versionStartIncluding": "3.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as \"not connected\" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)"}], "id": "CVE-2023-40217", "lastModified": "2024-11-21T08:19:01.303", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-25T01:15:09.017", "references": [{"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html"}, {"source": "cve@mitre.org", "url": "https://mail.python.org/archives/list/security-announce%40python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20231006-0014/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.python.org/dev/security/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://mail.python.org/archives/list/security-announce%40python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20231006-0014/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.python.org/dev/security/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:6290", "cpe": "cpe:/o:redhat:rhel_els:6", "package": "python-0:2.6.6-70.el6_10", "product_name": "Red Hat Enterprise Linux 6 Extended Lifecycle Support", "release_date": "2023-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:6823", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "python3-0:3.6.8-21.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2023-11-08T00:00:00Z"}, {"advisory": "RHSA-2023:6885", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "python-0:2.7.5-94.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2023-11-13T00:00:00Z"}, {"advisory": "RHSA-2023:5463", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python3.11-0:3.11.2-2.el8_8.2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-10-05T00:00:00Z"}, {"advisory": "RHSA-2023:5994", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python27:2.7-8080020231004233750.392b0bf1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-10-23T00:00:00Z"}, {"advisory": "RHSA-2023:5997", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python3-0:3.6.8-51.el8_8.2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-10-23T00:00:00Z"}, {"advisory": "RHSA-2023:5998", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python39:3.9-8080020230922214114.93c2fc2f", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-10-23T00:00:00Z"}, {"advisory": "RHSA-2023:5998", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python39-devel:3.9-8080020230922214114.93c2fc2f", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-10-23T00:00:00Z"}, {"advisory": "RHSA-2023:5997", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "python3-0:3.6.8-51.el8_8.2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-10-23T00:00:00Z"}, {"advisory": "RHSA-2023:5990", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "python27:2.7-8010020231004234533.208b345f", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2023-10-23T00:00:00Z"}, {"advisory": "RHSA-2023:5995", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "python3-0:3.6.8-15.1.el8_1.2", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2023-10-23T00:00:00Z"}, {"advisory": "RHSA-2023:5528", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "python3-0:3.6.8-24.el8_2.2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2023-10-09T00:00:00Z"}, {"advisory": "RHSA-2023:5991", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "python27:2.7-8020020231004234409.c9f5743f", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2023-10-23T00:00:00Z"}, {"advisory": "RHSA-2023:5528", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "python3-0:3.6.8-24.el8_2.2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2023-10-09T00:00:00Z"}, {"advisory": "RHSA-2023:5991", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "python27:2.7-8020020231004234409.c9f5743f", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2023-10-23T00:00:00Z"}, {"advisory": "RHSA-2023:5528", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "python3-0:3.6.8-24.el8_2.2", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2023-10-09T00:00:00Z"}, {"advisory": "RHSA-2023:5991", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "python27:2.7-8020020231004234409.c9f5743f", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2023-10-23T00:00:00Z"}, {"advisory": "RHSA-2023:5992", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "python27:2.7-8040020231004234308.7c6da464", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2023-10-23T00:00:00Z"}, {"advisory": "RHSA-2023:5996", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "python3-0:3.6.8-39.el8_4.3", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2023-10-23T00:00:00Z"}, {"advisory": "RHSA-2023:6069", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "python39:3.9-8040020230922214438.63cd9eba", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:5992", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "python27:2.7-8040020231004234308.7c6da464", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2023-10-23T00:00:00Z"}, {"advisory": "RHSA-2023:5996", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "python3-0:3.6.8-39.el8_4.3", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2023-10-23T00:00:00Z"}, {"advisory": "RHSA-2023:6069", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "python39:3.9-8040020230922214438.63cd9eba", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:5992", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "python27:2.7-8040020231004234308.7c6da464", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2023-10-23T00:00:00Z"}, {"advisory": "RHSA-2023:5996", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "python3-0:3.6.8-39.el8_4.3", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2023-10-23T00:00:00Z"}, {"advisory": "RHSA-2023:6069", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "python39:3.9-8040020230922214438.63cd9eba", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:5531", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "python3-0:3.6.8-47.el8_6.2", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-10-09T00:00:00Z"}, {"advisory": "RHSA-2023:5993", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "python27:2.7-8060020231004234102.2aa69ce4", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-10-23T00:00:00Z"}, {"advisory": "RHSA-2023:6068", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "python39:3.9-8060020230922214243.6a631399", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:6068", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "python39-devel:3.9-8060020230922214243.6a631399", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-10-24T00:00:00Z"}, {"advisory": "RHSA-2023:5456", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "python3.11-0:3.11.2-2.el9_2.2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-10-05T00:00:00Z"}, {"advisory": "RHSA-2023:5462", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "python3.9-0:3.9.16-1.el9_2.2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-10-05T00:00:00Z"}, {"advisory": "RHSA-2023:5462", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "python3.9-0:3.9.16-1.el9_2.2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-10-05T00:00:00Z"}, {"advisory": "RHSA-2023:5472", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "python3.9-0:3.9.10-4.el9_0.2", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-10-05T00:00:00Z"}, {"advisory": "RHSA-2023:6793", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-0:3.8.18-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2023-11-08T00:00:00Z"}], "bugzilla": {"description": "python: TLS handshake bypass", "id": "2235789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235789"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "status": "verified"}, "cwe": "CWE-305", "details": ["An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as \"not connected\" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)", "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible."], "name": "CVE-2023-40217", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python36:3.6/python36", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2023-08-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-40217\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-40217\nhttps://github.com/python/cpython/issues/108310\nhttps://github.com/python/cpython/pull/108315\nhttps://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/"], "statement": "Versions of `python36:3.6/python36` as shipped with Red Hat Enterprise Linux 8 are marked as 'Not affected' as they just provide \"symlinks\" to the main `python3` component, which provides the actual interpreter of the Python programming language.", "threat_severity": "Important"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object