CVE - CVE-2024-0397

CVE-ID
CVE-2024-0397	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory configured. This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://github.com/python/cpython/commit/01c37f1d0714f5822d34063ca7180b595abf589d URL:https://github.com/python/cpython/commit/01c37f1d0714f5822d34063ca7180b595abf589d MISC:https://github.com/python/cpython/commit/29c97287d205bf2f410f4895ebce3f43b5160524 URL:https://github.com/python/cpython/commit/29c97287d205bf2f410f4895ebce3f43b5160524 MISC:https://github.com/python/cpython/commit/37324b421b72b7bc9934e27aba85d48d4773002e URL:https://github.com/python/cpython/commit/37324b421b72b7bc9934e27aba85d48d4773002e MISC:https://github.com/python/cpython/commit/542f3272f56f31ed04e74c40635a913fbc12d286 URL:https://github.com/python/cpython/commit/542f3272f56f31ed04e74c40635a913fbc12d286 MISC:https://github.com/python/cpython/commit/b228655c227b2ca298a8ffac44d14ce3d22f6faa URL:https://github.com/python/cpython/commit/b228655c227b2ca298a8ffac44d14ce3d22f6faa MISC:https://github.com/python/cpython/commit/bce693111bff906ccf9281c22371331aaff766ab URL:https://github.com/python/cpython/commit/bce693111bff906ccf9281c22371331aaff766ab MISC:https://github.com/python/cpython/issues/114572 URL:https://github.com/python/cpython/issues/114572 MISC:https://github.com/python/cpython/pull/114573 URL:https://github.com/python/cpython/pull/114573 MISC:https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ URL:https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ MLIST:[oss-security] 20240617 Fwd: [Security-announce][CVE-2024-0397] Memory race condition in ssl.SSLContext certificate store methods URL:http://www.openwall.com/lists/oss-security/2024/06/17/2
Assigning CNA
Python Software Foundation
Date Record Created
20240110	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240110)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.