{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-3219", "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22", "state": "PUBLISHED", "assignerShortName": "PSF", "dateReserved": "2024-04-02T18:03:22.557Z", "datePublished": "2024-07-29T21:54:05.830Z", "dateUpdated": "2025-05-02T23:02:58.327Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "CPython", "repo": "https://github.com/python/cpython", "vendor": "Python Software Foundation", "versions": [{"lessThan": "3.8.20", "status": "affected", "version": "0", "versionType": "python"}, {"lessThan": "3.9.20", "status": "affected", "version": "3.9.0", "versionType": "python"}, {"lessThan": "3.10.15", "status": "affected", "version": "3.10.0", "versionType": "python"}, {"lessThan": "3.11.10", "status": "affected", "version": "3.11.0", "versionType": "python"}, {"lessThan": "3.12.5", "status": "affected", "version": "3.12.0", "versionType": "python"}, {"lessThan": "3.13.0rc1", "status": "affected", "version": "3.13.0a1", "versionType": "python"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Ellie"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The\n \u201csocket\u201d module provides a pure-Python fallback to the \nsocket.socketpair() function for platforms that don\u2019t support AF_UNIX, \nsuch as Windows. This pure-Python implementation uses AF_INET or \nAF_INET6 to create a local connected pair of sockets. The connection \nbetween the two sockets was not verified before passing the two sockets \nback to the user, which leaves the server socket vulnerable to a \nconnection race from a malicious local peer.<br><br>Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. 
Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.<br>"}], "value": "The\n \u201csocket\u201d module provides a pure-Python fallback to the \nsocket.socketpair() function for platforms that don\u2019t support AF_UNIX, \nsuch as Windows. This pure-Python implementation uses AF_INET or \nAF_INET6 to create a local connected pair of sockets. The connection \nbetween the two sockets was not verified before passing the two sockets \nback to the user, which leaves the server socket vulnerable to a \nconnection race from a malicious local peer.\n\nPlatforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 5.1, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "28c92f92-d60d-412d-b760-e73465c3df22", "shortName": "PSF", "dateUpdated": "2025-01-31T19:54:41.350Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/python/cpython/pull/122134"}, {"tags": ["issue-tracking"], "url": "https://github.com/python/cpython/issues/122133"}, {"tags": ["vendor-advisory"], "url": 
"https://mail.python.org/archives/list/security-announce@python.org/thread/WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B/"}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/29/3"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/2621a8a40ba4b2c68ca564671b7daa5da80a4508"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/5df322e91a40909e6904bbdbc0c3a6b6a9eead39"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/c21a36112a0028d7ac3cf8f480e0dc88dba5922c"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/f071f01b7b7e19d7d6b3a4b0ec62f820ecb14660"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/31302f5fc24eecd693f0c8aaba7c2840b09b594d"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/3f5d9d12c74787fbf3f5891835c85cc15526c86d"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/c5655aa6ad120d2ed7f255bebd6e8b71a9c07dde"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/e319f774f9e766a2b92949444a2d46081df3363a"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/78df1043dbdce5c989600616f9f87b4ee72944e5"}], "source": {"discovery": "UNKNOWN"}, "title": "Pure-Python fallback of socket.socketpair() doesn\u2019t authenticate peer connection", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": 
"CWE", "cweId": "CWE-306", "lang": "en", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-31T18:45:03.016211Z", "id": "CVE-2024-3219", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-04T21:44:46.150Z"}}, {"title": "CVE Program Container", "references": [{"tags": ["patch", "x_transferred"], "url": "https://github.com/python/cpython/pull/122134"}, {"tags": ["issue-tracking", "x_transferred"], "url": "https://github.com/python/cpython/issues/122133"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B/"}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/29/3", "tags": ["x_transferred"]}, {"tags": ["patch", "x_transferred"], "url": "https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20"}, {"tags": ["patch", "x_transferred"], "url": "https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2"}, {"tags": ["patch", "x_transferred"], "url": "https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c"}, {"tags": ["patch", "x_transferred"], "url": "https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929"}, {"tags": ["patch", "x_transferred"], "url": "https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54"}, {"url": "https://security.netapp.com/advisory/ntap-20250502-0004/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-05-02T23:02:58.327Z"}}]}, "dataVersion": "5.1"}