Description

The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection between the two sockets was not verified before passing the two sockets back to the user, which leaves the server socket vulnerable to a connection race from a malicious local peer. Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.
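The missing verification described above can be illustrated with a loopback pair that is only returned once each socket's local address equals the other's peer address. This is an added example, not CPython's code and not taken from the advisory; `verified_socketpair` and `endpoints_match` are hypothetical names, and the helper assumes IPv4 loopback.

```python
import socket


def endpoints_match(a, b):
    """True only if a's local address is b's peer address and vice versa."""
    try:
        return (a.getsockname() == b.getpeername()
                and b.getsockname() == a.getpeername())
    except OSError:  # one side is already closed or was never connected
        return False


def verified_socketpair():
    """Build a loopback TCP pair and refuse it unless the ends face each other.

    Hypothetical helper for this example, IPv4 only.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        listener.bind(("127.0.0.1", 0))   # loopback only, ephemeral port
        listener.listen(1)
        client.connect(listener.getsockname())
        # Whoever completed a handshake first is what accept() returns;
        # another local process can reach this port too.
        server, _ = listener.accept()
    except BaseException:
        client.close()
        raise
    finally:
        listener.close()
    if not endpoints_match(server, client):
        server.close()
        client.close()
        raise ConnectionError("accepted socket is not connected to our client")
    return server, client


if __name__ == "__main__":
    s, c = verified_socketpair()
    c.sendall(b"ping")
    print(s.recv(4), s.getsockname(), c.getpeername())
    s.close()
    c.close()
```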

INFO

Published Date : 2024-07-29T21:54:05.830Z

Last Modified : 2025-05-02T23:02:58.327Z

Source : PSF

AFFECTED PRODUCTS

The following products are affected by the CVE-2024-3219 vulnerability.

Vendor: Python Software Foundation
Product: CPython