U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2024-3219

Change History

CVE Modified by Python Software Foundation 10/17/2024 3:15:22 PM

Action Type Old Value New Value
Changed Description
There is a MEDIUM severity vulnerability affecting CPython.

The
 “socket” module provides a pure-Python fallback to the 
socket.socketpair() function for platforms that don’t support AF_UNIX, 
such as Windows. This pure-Python implementation uses AF_INET or 
AF_INET6 to create a local connected pair of sockets. The connection 
between the two sockets was not verified before passing the two sockets 
back to the user, which leaves the server socket vulnerable to a 
connection race from a malicious local peer.

Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.
The
 “socket” module provides a pure-Python fallback to the 
socket.socketpair() function for platforms that don’t support AF_UNIX, 
such as Windows. This pure-Python implementation uses AF_INET or 
AF_INET6 to create a local connected pair of sockets. The connection 
between the two sockets was not verified before passing the two sockets 
back to the user, which leaves the server socket vulnerable to a 
connection race from a malicious local peer.

Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.
Added CVSS V4.0

								
							
							
						
Python Software Foundation CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Removed CVSS V4.0
Python Software Foundation AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X