A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory configured. This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.
History

Tue, 17 Sep 2024 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Python Software Foundation
Python Software Foundation cpython
CPEs cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:*
Vendors & Products Python Software Foundation
Python Software Foundation cpython
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: PSF

Published: 2024-06-17T15:09:40.896Z

Updated: 2024-09-17T18:24:43.948Z

Reserved: 2024-01-10T14:05:31.635Z

Link: CVE-2024-0397

cve-icon Vulnrichment

Updated: 2024-08-01T18:04:49.771Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-06-17T16:15:10.217

Modified: 2024-11-21T08:46:29.733

Link: CVE-2024-0397

cve-icon Redhat

Severity : Low

Publid Date: 2024-06-17T00:00:00Z

Links: CVE-2024-0397 - Bugzilla