CVE-2023-38898

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-38898
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-38898.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-38898
Aliases
Withdrawn
2023-08-25T00:36:15Z
Published
2023-08-15T17:15:12Z
Modified
2024-09-11T04:55:17.300099Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the asyncio.swapcurrenttask component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in which an adversary can call asyncio.swapcurrenttask but does not already have the ability to call arbitrary functions; and (3) there are no common scenarios in which sensitive information, which is not already accessible to an adversary, becomes accessible through this bug.

References

Affected packages

Debian:13 / python3.12

Package

Name
python3.12
Purl
pkg:deb/debian/python3.12?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.0~b4-1

Affected versions

3.*

3.12.0~a5-1
3.12.0~a7-1
3.12.0~b1-1
3.12.0~b2-1
3.12.0~b2-2
3.12.0~b2-3
3.12.0~b3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}