A defect was discovered in the Python “ssl” module where there is a memory
race condition with the ssl.SSLContext methods “cert_store_stats()” and
“get_ca_certs()”. The race condition can be triggered if the methods are
called at the same time as certificates are loaded into the SSLContext,
such as during the TLS handshake with a certificate directory configured.
This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Sep 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Python Software Foundation
Python Software Foundation cpython |
|
CPEs | cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:* | |
Vendors & Products |
Python Software Foundation
Python Software Foundation cpython |
|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: PSF
Published: 2024-06-17T15:09:40.896Z
Updated: 2024-09-17T18:24:43.948Z
Reserved: 2024-01-10T14:05:31.635Z
Link: CVE-2024-0397
Vulnrichment
Updated: 2024-08-01T18:04:49.771Z
NVD
Status : Awaiting Analysis
Published: 2024-06-17T16:15:10.217
Modified: 2024-11-21T08:46:29.733
Link: CVE-2024-0397
Redhat