{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2024-3219","assignerOrgId":"28c92f92-d60d-412d-b760-e73465c3df22","state":"PUBLISHED","assignerShortName":"PSF","dateReserved":"2024-04-02T18:03:22.557Z","datePublished":"2024-07-29T21:54:05.830Z","dateUpdated":"2025-05-02T23:02:58.327Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Windows"],"product":"CPython","repo":"https://github.com/python/cpython","vendor":"Python Software Foundation","versions":[{"lessThan":"3.8.20","status":"affected","version":"0","versionType":"python"},{"lessThan":"3.9.20","status":"affected","version":"3.9.0","versionType":"python"},{"lessThan":"3.10.15","status":"affected","version":"3.10.0","versionType":"python"},{"lessThan":"3.11.10","status":"affected","version":"3.11.0","versionType":"python"},{"lessThan":"3.12.5","status":"affected","version":"3.12.0","versionType":"python"},{"lessThan":"3.13.0rc1","status":"affected","version":"3.13.0a1","versionType":"python"}]}],"credits":[{"lang":"en","type":"reporter","value":"Ellie"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The\n “socket” module provides a pure-Python fallback to the \nsocket.socketpair() function for platforms that don’t support AF_UNIX, \nsuch as Windows. This pure-Python implementation uses AF_INET or \nAF_INET6 to create a local connected pair of sockets. The connection \nbetween the two sockets was not verified before passing the two sockets \nback to the user, which leaves the server socket vulnerable to a \nconnection race from a malicious local peer.<br><br>Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.<br>"}],"value":"The\n “socket” module provides a pure-Python fallback to the \nsocket.socketpair() function for platforms that don’t support AF_UNIX, \nsuch as Windows. This pure-Python implementation uses AF_INET or \nAF_INET6 to create a local connected pair of sockets. The connection \nbetween the two sockets was not verified before passing the two sockets \nback to the user, which leaves the server socket vulnerable to a \nconnection race from a malicious local peer.\n\nPlatforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included."}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":5.1,"baseSeverity":"MEDIUM","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"providerMetadata":{"orgId":"28c92f92-d60d-412d-b760-e73465c3df22","shortName":"PSF","dateUpdated":"2025-01-31T19:54:41.350Z"},"references":[{"tags":["patch"],"url":"https://github.com/python/cpython/pull/122134"},{"tags":["issue-tracking"],"url":"https://github.com/python/cpython/issues/122133"},{"tags":["vendor-advisory"],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B/"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/29/3"},{"tags":["patch"],"url":"https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20"},{"tags":["patch"],"url":"https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2"},{"tags":["patch"],"url":"https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c"},{"tags":["patch"],"url":"https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929"},{"tags":["patch"],"url":"https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54"},{"tags":["patch"],"url":"https://github.com/python/cpython/commit/2621a8a40ba4b2c68ca564671b7daa5da80a4508"},{"tags":["patch"],"url":"https://github.com/python/cpython/commit/5df322e91a40909e6904bbdbc0c3a6b6a9eead39"},{"tags":["patch"],"url":"https://github.com/python/cpython/commit/c21a36112a0028d7ac3cf8f480e0dc88dba5922c"},{"tags":["patch"],"url":"https://github.com/python/cpython/commit/f071f01b7b7e19d7d6b3a4b0ec62f820ecb14660"},{"tags":["patch"],"url":"https://github.com/python/cpython/commit/31302f5fc24eecd693f0c8aaba7c2840b09b594d"},{"tags":["patch"],"url":"https://github.com/python/cpython/commit/3f5d9d12c74787fbf3f5891835c85cc15526c86d"},{"tags":["patch"],"url":"https://github.com/python/cpython/commit/c5655aa6ad120d2ed7f255bebd6e8b71a9c07dde"},{"tags":["patch"],"url":"https://github.com/python/cpython/commit/e319f774f9e766a2b92949444a2d46081df3363a"},{"tags":["patch"],"url":"https://github.com/python/cpython/commit/78df1043dbdce5c989600616f9f87b4ee72944e5"}],"source":{"discovery":"UNKNOWN"},"title":"Pure-Python fallback of socket.socketpair() doesn’t authenticate peer connection","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-306","lang":"en","description":"CWE-306 Missing Authentication for Critical Function"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-31T18:45:03.016211Z","id":"CVE-2024-3219","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-04T21:44:46.150Z"}},{"title":"CVE Program Container","references":[{"tags":["patch","x_transferred"],"url":"https://github.com/python/cpython/pull/122134"},{"tags":["issue-tracking","x_transferred"],"url":"https://github.com/python/cpython/issues/122133"},{"tags":["vendor-advisory","x_transferred"],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B/"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/29/3","tags":["x_transferred"]},{"tags":["patch","x_transferred"],"url":"https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20"},{"tags":["patch","x_transferred"],"url":"https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2"},{"tags":["patch","x_transferred"],"url":"https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c"},{"tags":["patch","x_transferred"],"url":"https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929"},{"tags":["patch","x_transferred"],"url":"https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54"},{"url":"https://security.netapp.com/advisory/ntap-20250502-0004/"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-05-02T23:02:58.327Z"}}]},"dataVersion":"5.1"}