ByteOS Network

CVE Vulnerability Details :

CVE-2024-3219

PUBLISHED

More Info Official Page

Assigner-PSF

Assigner Org ID-28c92f92-d60d-412d-b760-e73465c3df22

Published At-29 Jul, 2024 | 21:54

Updated At-02 May, 2025 | 23:02

▼CVE Numbering Authority (CNA)

Pure-Python fallback of socket.socketpair() doesn’t authenticate peer connection

The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection between the two sockets was not verified before passing the two sockets back to the user, which leaves the server socket vulnerable to a connection race from a malicious local peer. Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.

Affected Products

Vendor

Python Software Foundation

Product

CPython

Repo

https://github.com/python/cpython

Platforms

Windows

Default Status

unaffected

Versions

Affected

From 0 before 3.8.20 (python)
From 3.9.0 before 3.9.20 (python)
From 3.10.0 before 3.10.15 (python)
From 3.11.0 before 3.11.10 (python)
From 3.12.0 before 3.12.5 (python)
From 3.13.0a1 before 3.13.0rc1 (python)

Metrics

Version	Base score	Base severity	Vector
4.0	5.1	MEDIUM	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Version: 4.0

Base score: 5.1

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Credits

reporter

Ellie

References

Hyperlink	Resource
https://github.com/python/cpython/pull/122134	patch
https://github.com/python/cpython/issues/122133	issue-tracking
https://mail.python.org/archives/list/security-announce@python.org/thread/WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B/	vendor-advisory
http://www.openwall.com/lists/oss-security/2024/07/29/3	N/A
https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20	patch
https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2	patch
https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c	patch
https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929	patch
https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54	patch
https://github.com/python/cpython/commit/2621a8a40ba4b2c68ca564671b7daa5da80a4508	patch
https://github.com/python/cpython/commit/5df322e91a40909e6904bbdbc0c3a6b6a9eead39	patch
https://github.com/python/cpython/commit/c21a36112a0028d7ac3cf8f480e0dc88dba5922c	patch
https://github.com/python/cpython/commit/f071f01b7b7e19d7d6b3a4b0ec62f820ecb14660	patch
https://github.com/python/cpython/commit/31302f5fc24eecd693f0c8aaba7c2840b09b594d	patch
https://github.com/python/cpython/commit/3f5d9d12c74787fbf3f5891835c85cc15526c86d	patch
https://github.com/python/cpython/commit/c5655aa6ad120d2ed7f255bebd6e8b71a9c07dde	patch
https://github.com/python/cpython/commit/e319f774f9e766a2b92949444a2d46081df3363a	patch
https://github.com/python/cpython/commit/78df1043dbdce5c989600616f9f87b4ee72944e5	patch

Hyperlink: https://github.com/python/cpython/pull/122134

Resource:

patch

Hyperlink: https://github.com/python/cpython/issues/122133

Resource:

issue-tracking

Hyperlink: https://mail.python.org/archives/list/security-announce@python.org/thread/WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B/

Resource:

vendor-advisory

Hyperlink: http://www.openwall.com/lists/oss-security/2024/07/29/3

Resource: N/A

Hyperlink: https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20

Resource:

patch

Hyperlink: https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2

Resource:

patch

Hyperlink: https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c

Resource:

patch

Hyperlink: https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929

Resource:

patch

Hyperlink: https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54

Resource:

patch

Hyperlink: https://github.com/python/cpython/commit/2621a8a40ba4b2c68ca564671b7daa5da80a4508

Resource:

patch

Hyperlink: https://github.com/python/cpython/commit/5df322e91a40909e6904bbdbc0c3a6b6a9eead39

Resource:

patch

Hyperlink: https://github.com/python/cpython/commit/c21a36112a0028d7ac3cf8f480e0dc88dba5922c

Resource:

patch

Hyperlink: https://github.com/python/cpython/commit/f071f01b7b7e19d7d6b3a4b0ec62f820ecb14660

Resource:

patch

Hyperlink: https://github.com/python/cpython/commit/31302f5fc24eecd693f0c8aaba7c2840b09b594d

Resource:

patch

Hyperlink: https://github.com/python/cpython/commit/3f5d9d12c74787fbf3f5891835c85cc15526c86d

Resource:

patch

Hyperlink: https://github.com/python/cpython/commit/c5655aa6ad120d2ed7f255bebd6e8b71a9c07dde

Resource:

patch

Hyperlink: https://github.com/python/cpython/commit/e319f774f9e766a2b92949444a2d46081df3363a

Resource:

patch

Hyperlink: https://github.com/python/cpython/commit/78df1043dbdce5c989600616f9f87b4ee72944e5

Resource:

patch

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Problem Types

Type	CWE ID	Description
CWE	CWE-306	CWE-306 Missing Authentication for Critical Function

Type: CWE

CWE ID: CWE-306

Description: CWE-306 Missing Authentication for Critical Function

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
https://github.com/python/cpython/pull/122134	patch x_transferred
https://github.com/python/cpython/issues/122133	issue-tracking x_transferred
https://mail.python.org/archives/list/security-announce@python.org/thread/WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B/	vendor-advisory x_transferred
http://www.openwall.com/lists/oss-security/2024/07/29/3	x_transferred
https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20	patch x_transferred
https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2	patch x_transferred
https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c	patch x_transferred
https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929	patch x_transferred
https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54	patch x_transferred
https://security.netapp.com/advisory/ntap-20250502-0004/	N/A

Hyperlink: https://github.com/python/cpython/pull/122134

Resource:

patch

x_transferred

Hyperlink: https://github.com/python/cpython/issues/122133

Resource:

issue-tracking

x_transferred

Hyperlink: https://mail.python.org/archives/list/security-announce@python.org/thread/WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B/

Resource:

vendor-advisory

x_transferred

Hyperlink: http://www.openwall.com/lists/oss-security/2024/07/29/3

Resource:

x_transferred

Hyperlink: https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20

Resource:

patch

x_transferred

Hyperlink: https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2

Resource:

patch

x_transferred

Hyperlink: https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c

Resource:

patch

x_transferred

Hyperlink: https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929

Resource:

patch

x_transferred

Hyperlink: https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54

Resource:

patch

x_transferred

Hyperlink: https://security.netapp.com/advisory/ntap-20250502-0004/

Resource: N/A

Affected Products

Affected

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References