CVE-2024-0397

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-0397
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-0397.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-0397
Aliases
Downstream
Related
Published
2024-06-17T15:09:40.896Z
Modified
2026-05-01T04:22:41.535606Z
Severity
  • 7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
Summary
Memory race condition in ssl.SSLContext certificate store methods
Details

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats()” and “getcacerts()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory configured. This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/0xxx/CVE-2024-0397.json",
    "cna_assigner": "PSF"
}
References

Affected packages

Git / github.com/python/cpython

Affected ranges

Type
GIT
Repo
https://github.com/python/cpython
Events
Introduced
2268289a47c6e3c9a220b53697f9480ec390466f
Fixed
076d169ebbe59f7035eaa28d33d517bcb375f342

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-0397.json"