CVE-2024-3219 (GCVE-0-2024-3219)
Vulnerability from cvelistv5
Published
2024-07-29 21:54
Modified
2025-05-02 23:02
Severity ?
5.1 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection between the two sockets was not verified before passing the two sockets back to the user, which leaves the server socket vulnerable to a connection race from a malicious local peer. Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.
References
cna@python.org http://www.openwall.com/lists/oss-security/2024/07/29/3
cna@python.org https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20
cna@python.org https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2
cna@python.org https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c
cna@python.org https://github.com/python/cpython/commit/2621a8a40ba4b2c68ca564671b7daa5da80a4508
cna@python.org https://github.com/python/cpython/commit/31302f5fc24eecd693f0c8aaba7c2840b09b594d
cna@python.org https://github.com/python/cpython/commit/3f5d9d12c74787fbf3f5891835c85cc15526c86d
cna@python.org https://github.com/python/cpython/commit/5df322e91a40909e6904bbdbc0c3a6b6a9eead39
cna@python.org https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929
cna@python.org https://github.com/python/cpython/commit/78df1043dbdce5c989600616f9f87b4ee72944e5
cna@python.org https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54
cna@python.org https://github.com/python/cpython/commit/c21a36112a0028d7ac3cf8f480e0dc88dba5922c
cna@python.org https://github.com/python/cpython/commit/c5655aa6ad120d2ed7f255bebd6e8b71a9c07dde
cna@python.org https://github.com/python/cpython/commit/e319f774f9e766a2b92949444a2d46081df3363a
cna@python.org https://github.com/python/cpython/commit/f071f01b7b7e19d7d6b3a4b0ec62f820ecb14660
cna@python.org https://github.com/python/cpython/issues/122133
cna@python.org https://github.com/python/cpython/pull/122134
cna@python.org https://mail.python.org/archives/list/security-announce@python.org/thread/WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B/
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2024/07/29/3
af854a3a-2127-422b-91ae-364da2661108 https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20
af854a3a-2127-422b-91ae-364da2661108 https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2
af854a3a-2127-422b-91ae-364da2661108 https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c
af854a3a-2127-422b-91ae-364da2661108 https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929
af854a3a-2127-422b-91ae-364da2661108 https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54
af854a3a-2127-422b-91ae-364da2661108 https://github.com/python/cpython/issues/122133
af854a3a-2127-422b-91ae-364da2661108 https://github.com/python/cpython/pull/122134
af854a3a-2127-422b-91ae-364da2661108 https://mail.python.org/archives/list/security-announce@python.org/thread/WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B/
af854a3a-2127-422b-91ae-364da2661108 https://security.netapp.com/advisory/ntap-20250502-0004/
Impacted products
Vendor Product Version
Python Software Foundation CPython Version: 0
Version: 3.9.0
Version: 3.10.0
Version: 3.11.0
Version: 3.12.0
Version: 3.13.0a1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3219",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-31T18:45:03.016211Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-306",
                "description": "CWE-306 Missing Authentication for Critical Function",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-04T21:44:46.150Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-05-02T23:02:58.327Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/pull/122134"
          },
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/issues/122133"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/07/29/3"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250502-0004/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "CPython",
          "repo": "https://github.com/python/cpython",
          "vendor": "Python Software Foundation",
          "versions": [
            {
              "lessThan": "3.8.20",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            },
            {
              "lessThan": "3.9.20",
              "status": "affected",
              "version": "3.9.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.10.15",
              "status": "affected",
              "version": "3.10.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.11.10",
              "status": "affected",
              "version": "3.11.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.12.5",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.13.0rc1",
              "status": "affected",
              "version": "3.13.0a1",
              "versionType": "python"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Ellie"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The\n \u201csocket\u201d module provides a pure-Python fallback to the \nsocket.socketpair() function for platforms that don\u2019t support AF_UNIX, \nsuch as Windows. This pure-Python implementation uses AF_INET or \nAF_INET6 to create a local connected pair of sockets. The connection \nbetween the two sockets was not verified before passing the two sockets \nback to the user, which leaves the server socket vulnerable to a \nconnection race from a malicious local peer.\u003cbr\u003e\u003cbr\u003ePlatforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.\u003cbr\u003e"
            }
          ],
          "value": "The\n \u201csocket\u201d module provides a pure-Python fallback to the \nsocket.socketpair() function for platforms that don\u2019t support AF_UNIX, \nsuch as Windows. This pure-Python implementation uses AF_INET or \nAF_INET6 to create a local connected pair of sockets. The connection \nbetween the two sockets was not verified before passing the two sockets \nback to the user, which leaves the server socket vulnerable to a \nconnection race from a malicious local peer.\n\nPlatforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-31T19:54:41.350Z",
        "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "shortName": "PSF"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/pull/122134"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/python/cpython/issues/122133"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/07/29/3"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/2621a8a40ba4b2c68ca564671b7daa5da80a4508"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/5df322e91a40909e6904bbdbc0c3a6b6a9eead39"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/c21a36112a0028d7ac3cf8f480e0dc88dba5922c"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/f071f01b7b7e19d7d6b3a4b0ec62f820ecb14660"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/31302f5fc24eecd693f0c8aaba7c2840b09b594d"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/3f5d9d12c74787fbf3f5891835c85cc15526c86d"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/c5655aa6ad120d2ed7f255bebd6e8b71a9c07dde"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/e319f774f9e766a2b92949444a2d46081df3363a"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/78df1043dbdce5c989600616f9f87b4ee72944e5"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Pure-Python fallback of socket.socketpair() doesn\u2019t authenticate peer connection",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
    "assignerShortName": "PSF",
    "cveId": "CVE-2024-3219",
    "datePublished": "2024-07-29T21:54:05.830Z",
    "dateReserved": "2024-04-02T18:03:22.557Z",
    "dateUpdated": "2025-05-02T23:02:58.327Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-3219\",\"sourceIdentifier\":\"cna@python.org\",\"published\":\"2024-07-29T22:15:04.970\",\"lastModified\":\"2025-05-02T23:15:15.613\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The\\n \u201csocket\u201d module provides a pure-Python fallback to the \\nsocket.socketpair() function for platforms that don\u2019t support AF_UNIX, \\nsuch as Windows. This pure-Python implementation uses AF_INET or \\nAF_INET6 to create a local connected pair of sockets. The connection \\nbetween the two sockets was not verified before passing the two sockets \\nback to the user, which leaves the server socket vulnerable to a \\nconnection race from a malicious local peer.\\n\\nPlatforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de gravedad MEDIA que afecta a CPython. El m\u00f3dulo \\\"socket\\\" proporciona un respaldo de Python puro a la funci\u00f3n socket.socketpair() para plataformas que no admiten AF_UNIX, como Windows. Esta implementaci\u00f3n pura de Python utiliza AF_INET o AF_INET6 para crear un par de sockets conectados localmente. La conexi\u00f3n entre los dos sockets no se verific\u00f3 antes de devolverlos al usuario, lo que deja al socket del servidor vulnerable a una ejecuci\u00f3n de conexi\u00f3n de un par local malicioso. Las plataformas que admiten AF_UNIX, como Linux y macOS, no se ven afectadas por esta vulnerabilidad. Las versiones anteriores a CPython 3.5 no se ven afectadas debido a que no se incluye la API vulnerable.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@python.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/07/29/3\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/2621a8a40ba4b2c68ca564671b7daa5da80a4508\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/31302f5fc24eecd693f0c8aaba7c2840b09b594d\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/3f5d9d12c74787fbf3f5891835c85cc15526c86d\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/5df322e91a40909e6904bbdbc0c3a6b6a9eead39\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/78df1043dbdce5c989600616f9f87b4ee72944e5\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/c21a36112a0028d7ac3cf8f480e0dc88dba5922c\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/c5655aa6ad120d2ed7f255bebd6e8b71a9c07dde\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/e319f774f9e766a2b92949444a2d46081df3363a\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/f071f01b7b7e19d7d6b3a4b0ec62f820ecb14660\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/issues/122133\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/pull/122134\",\"source\":\"cna@python.org\"},{\"url\":\"https://mail.python.org/archives/list/security-announce@python.org/thread/WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B/\",\"source\":\"cna@python.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/07/29/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/python/cpython/issues/122133\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/python/cpython/pull/122134\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://mail.python.org/archives/list/security-announce@python.org/thread/WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20250502-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/python/cpython/pull/122134\", \"tags\": [\"patch\", \"x_transferred\"]}, {\"url\": \"https://github.com/python/cpython/issues/122133\", \"tags\": [\"issue-tracking\", \"x_transferred\"]}, {\"url\": \"https://mail.python.org/archives/list/security-announce@python.org/thread/WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B/\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/07/29/3\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20\", \"tags\": [\"patch\", \"x_transferred\"]}, {\"url\": \"https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2\", \"tags\": [\"patch\", \"x_transferred\"]}, {\"url\": \"https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c\", \"tags\": [\"patch\", \"x_transferred\"]}, {\"url\": \"https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929\", \"tags\": [\"patch\", \"x_transferred\"]}, {\"url\": \"https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54\", \"tags\": [\"patch\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20250502-0004/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-05-02T23:02:58.327Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-3219\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-31T18:45:03.016211Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-306\", \"description\": \"CWE-306 Missing Authentication for Critical Function\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-31T18:45:08.194Z\"}}], \"cna\": {\"title\": \"Pure-Python fallback of socket.socketpair() doesn\\u2019t authenticate peer connection\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Ellie\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 5.1, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/python/cpython\", \"vendor\": \"Python Software Foundation\", \"product\": \"CPython\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.8.20\", \"versionType\": \"python\"}, {\"status\": \"affected\", \"version\": \"3.9.0\", \"lessThan\": \"3.9.20\", \"versionType\": \"python\"}, {\"status\": \"affected\", \"version\": \"3.10.0\", \"lessThan\": \"3.10.15\", \"versionType\": \"python\"}, {\"status\": \"affected\", \"version\": \"3.11.0\", \"lessThan\": \"3.11.10\", \"versionType\": \"python\"}, {\"status\": \"affected\", \"version\": \"3.12.0\", \"lessThan\": \"3.12.5\", \"versionType\": \"python\"}, {\"status\": \"affected\", \"version\": \"3.13.0a1\", \"lessThan\": \"3.13.0rc1\", \"versionType\": \"python\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/python/cpython/pull/122134\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/issues/122133\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://mail.python.org/archives/list/security-announce@python.org/thread/WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B/\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/07/29/3\"}, {\"url\": \"https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/2621a8a40ba4b2c68ca564671b7daa5da80a4508\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/5df322e91a40909e6904bbdbc0c3a6b6a9eead39\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/c21a36112a0028d7ac3cf8f480e0dc88dba5922c\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/f071f01b7b7e19d7d6b3a4b0ec62f820ecb14660\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/31302f5fc24eecd693f0c8aaba7c2840b09b594d\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/3f5d9d12c74787fbf3f5891835c85cc15526c86d\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/c5655aa6ad120d2ed7f255bebd6e8b71a9c07dde\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/e319f774f9e766a2b92949444a2d46081df3363a\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/78df1043dbdce5c989600616f9f87b4ee72944e5\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The\\n \\u201csocket\\u201d module provides a pure-Python fallback to the \\nsocket.socketpair() function for platforms that don\\u2019t support AF_UNIX, \\nsuch as Windows. This pure-Python implementation uses AF_INET or \\nAF_INET6 to create a local connected pair of sockets. The connection \\nbetween the two sockets was not verified before passing the two sockets \\nback to the user, which leaves the server socket vulnerable to a \\nconnection race from a malicious local peer.\\n\\nPlatforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The\\n \\u201csocket\\u201d module provides a pure-Python fallback to the \\nsocket.socketpair() function for platforms that don\\u2019t support AF_UNIX, \\nsuch as Windows. This pure-Python implementation uses AF_INET or \\nAF_INET6 to create a local connected pair of sockets. The connection \\nbetween the two sockets was not verified before passing the two sockets \\nback to the user, which leaves the server socket vulnerable to a \\nconnection race from a malicious local peer.\u003cbr\u003e\u003cbr\u003ePlatforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.\u003cbr\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"28c92f92-d60d-412d-b760-e73465c3df22\", \"shortName\": \"PSF\", \"dateUpdated\": \"2025-01-31T19:54:41.350Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-3219\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-02T23:02:58.327Z\", \"dateReserved\": \"2024-04-02T18:03:22.557Z\", \"assignerOrgId\": \"28c92f92-d60d-412d-b760-e73465c3df22\", \"datePublished\": \"2024-07-29T21:54:05.830Z\", \"assignerShortName\": \"PSF\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.