U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database

Vulnerability Change Records for CVE-2024-3219

Change History

New CVE Received by NIST 7/29/2024 6:15:04 PM

Action Type Old Value New Value
Added Description 

								
							
							
								
							
						
								
							
								
There is a MEDIUM severity vulnerability affecting CPython.

The
 “socket” module provides a pure-Python fallback to the 
socket.socketpair() function for platforms that don’t support AF_UNIX, 
such as Windows. This pure-Python implementation uses AF_INET or 
AF_INET6 to create a local connected pair of sockets. The connection 
between the two sockets was not verified before passing the two sockets 
back to the user, which leaves the server socket vulnerable to a 
connection race from a malicious local peer.

Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.

								
								
					

					

						Added
						Reference
						
							
							
								
							
								

								
							
							
								
							
						
								
							
								
Python Software Foundation https://github.com/python/cpython/issues/122133 [No types assigned]

								
								
					

					

						Added
						Reference
						
							
							
								
							
								

								
							
							
								
							
						
								
							
								
Python Software Foundation https://github.com/python/cpython/pull/122134 [No types assigned]

								
								
					

					

						Added
						Reference
						
							
							
								
							
								

								
							
							
								
							
						
								
							
								
Python Software Foundation https://mail.python.org/archives/list/security-announce@python.org/thread/WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B/ [No types assigned]