Metrics
Affected Vendors & Products
Sat, 14 Dec 2024 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat rhel Eus
|
|
CPEs | cpe:/a:redhat:rhel_eus:9.4 | |
Vendors & Products |
Redhat rhel Eus
|
Thu, 12 Dec 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat enterprise Linux |
|
CPEs | cpe:/a:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:9 |
|
Vendors & Products |
Redhat
Redhat enterprise Linux |
Sat, 07 Dec 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Fri, 06 Dec 2024 19:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Fri, 06 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Python Software Foundation
Python Software Foundation cpython |
|
CPEs | cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:* | |
Vendors & Products |
Python Software Foundation
Python Software Foundation cpython |
|
References |
| |
Metrics |
ssvc
|
Fri, 06 Dec 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer potentially leading to memory exhaustion. This vulnerability likely impacts a small number of users, you must be using Python 3.12.0 or later, on macOS or Linux, using the asyncio module with protocols, and using .writelines() method which had new zero-copy-on-write behavior in Python 3.12.0 and later. If not all of these factors are true then your usage of Python is unaffected. | |
Title | Unbounded memory buffering in SelectorSocketTransport.writelines() | |
Weaknesses | CWE-400 CWE-770 |
|
References |
| |
Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: PSF
Published: 2024-12-06T15:19:41.576Z
Updated: 2024-12-06T19:02:35.550Z
Reserved: 2024-12-05T16:17:55.154Z
Link: CVE-2024-12254
Updated: 2024-12-06T19:02:35.550Z
Status : Received
Published: 2024-12-06T16:15:20.623
Modified: 2024-12-06T19:15:10.983
Link: CVE-2024-12254