CVE-2024-0397

CWE-362 Race Condition | 10 documents | 9 sources
CVSS 7.4 HIGH
EPSS 0.4% (60th)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Exploitability: 2.2 | Impact: 5.2

Affected Packages (6 packages)

CVEListV5: python_software_foundation/cpython 3.9.0 3.9.20 +5
Debian: python3.9 < 3.9.2-1+deb11u2
Ubuntu: python3.8 < 3.8.10-0ubuntu1~20.04.11
Debian: python3.11 < 3.11.2-6+deb12u3
Ubuntu: python3.10 < 3.10.12-1~22.04.5

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory configured. This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.

🔴 Vulnerability Details (4)

OSV: python3.10, python3.8 vulnerabilities (2024-07-30)
CVEList: Memory race condition in ssl.SSLContext certificate store methods (2024-06-17)
GHSA: GHSA-xhf3-pp4q-gxh5: A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl (2024-06-17)
OSV: CVE-2024-0397: A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl (2024-06-17)

📋 Vendor Advisories (5)

Ubuntu: Python vulnerabilities (2024-07-30)
Oracle: Oracle Oracle Database Server Risk Matrix: OML4Py (Python) — CVE-2024-0397 (2024-07-15)
Red Hat: cpython: python: Memory race condition in ssl.SSLContext certificate store methods (2024-06-17)
Microsoft: Memory race condition in ssl.SSLContext certificate store methods (2024-06-11)
Debian: CVE-2024-0397: pypy3 - A defect was discovered in the Python “ssl” module where there is a memory race ... (2024)