AZL-54042

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-54042.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-54042

Upstream

CVE-2024-12254

Published

2024-12-06T16:15:20Z

Modified

2026-04-01T05:18:10.977184Z

Summary

CVE-2024-12254 affecting package python3 for versions less than 3.12.3-5

Details

Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer potentially leading to memory exhaustion.

This vulnerability likely impacts a small number of users, you must be using Python 3.12.0 or later, on macOS or Linux, using the asyncio module with protocols, and using .writelines() method which had new zero-copy-on-write behavior in Python 3.12.0 and later. If not all of these factors are true then your usage of Python is unaffected.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-12254

Affected packages

Azure Linux:3 / python3

Package

Name: python3
Purl: pkg:rpm/azure-linux/python3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.12.3-5

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-54042.json"