CVE-2024-3219 – Pure-Python fallback of socket.socketpair() doesn’t authenticate peer connection
https://notcve.org/view.php?id=CVE-2024-3219
The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection between the two sockets was not verified before passing the two sockets back to the user, which leaves the server socket vulnerable to a connection race from a malicious local peer. Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included. • https://github.com/python/cpython/pull/122134 https://github.com/python/cpython/issues/122133 https://mail.python.org/archives/list/security-announce@python.org/thread/WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B http://www.openwall.com/lists/oss-security/2024/07/29/3 https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20 https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2 https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c https://github.com/python/cpython •
CVE-2024-0397 – Memory race condition in ssl.SSLContext certificate store methods
https://notcve.org/view.php?id=CVE-2024-0397
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory configured. This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5. Se descubrió un defecto en el módulo “ssl” de Python donde existe una condición de ejecución de memoria con los métodos ssl.SSLContext “cert_store_stats()” y “get_ca_certs()”. La condición de ejecución se puede desencadenar si los métodos se llaman al mismo tiempo que se cargan los certificados en SSLContext, como durante el protocolo de enlace TLS con un directorio de certificados configurado. Este problema se solucionó en CPython 3.10.14, 3.11.9, 3.12.3 y 3.13.0a5. • http://www.openwall.com/lists/oss-security/2024/06/17/2 https://github.com/python/cpython/commit/01c37f1d0714f5822d34063ca7180b595abf589d https://github.com/python/cpython/commit/29c97287d205bf2f410f4895ebce3f43b5160524 https://github.com/python/cpython/commit/37324b421b72b7bc9934e27aba85d48d4773002e https://github.com/python/cpython/commit/542f3272f56f31ed04e74c40635a913fbc12d286 https://github.com/python/cpython/commit/b228655c227b2ca298a8ffac44d14ce3d22f6faa https://github.com/python/cpython/commit/bce693111bff906ccf9281c22371331aaff766ab https://github.com • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2024-4032 – Incorrect IPv4 and IPv6 private ranges
https://notcve.org/view.php?id=CVE-2024-4032
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries. CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior. El módulo "ipaddress" contenía información incorrecta sobre si ciertas direcciones IPv4 e IPv6 estaban designadas como "accesibles globalmente" o "privadas". Esto afectó las propiedades is_private e is_global de las clases ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address y ipaddress.IPv6Network, donde los valores no se devolverían de acuerdo con la información más reciente de los Registros de direcciones de propósito especial de la IANA. CPython 3.12.4 y 3.13.0a6 contienen información actualizada de estos registros y, por lo tanto, tienen el comportamiento previsto. • http://www.openwall.com/lists/oss-security/2024/06/17/3 https://github.com/python/cpython/commit/22adf29da8d99933ffed8647d3e0726edd16f7f8 https://github.com/python/cpython/commit/40d75c2b7f5c67e254d0a025e0f2e2c7ada7f69f https://github.com/python/cpython/commit/895f7e2ac23eff4743143beef0f0c5ac71ea27d3 https://github.com/python/cpython/commit/ba431579efdcbaed7a96f2ac4ea0775879a332fb https://github.com/python/cpython/commit/c62c9e518b784fe44432a3f4fc265fb95b651906 https://github.com/python/cpython/commit/f86b17ac511e68192ba71f27e752321a3252cee3 https://github.com • CWE-440: Expected Behavior Violation CWE-697: Incorrect Comparison •
CVE-2024-4030 – tempfile.mkdtemp() may be readable and writeable by all users on Windows
https://notcve.org/view.php?id=CVE-2024-4030
On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions. If you’re not using Windows or haven’t changed the temporary directory location then you aren’t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user. This issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix “700” for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions. En Windows, un directorio devuelto por tempfile.mkdtemp() no siempre tendría permisos configurados para restringir la lectura y escritura en el directorio temporal por parte de otros usuarios, sino que normalmente heredaría los permisos correctos de la ubicación predeterminada. • https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd https://github.com/python/cpython/commit/66f8bb76a15e64a1bb7688b177ed29e26230fdee https://github.com/python/cpython/commit/6d0850c4c8188035643586ab4d8ec2468abd699e https://github.com/python/cpython/commit/81939dad77001556c527485d31a2d0f4a759033e https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee https://github. • CWE-276: Incorrect Default Permissions •
CVE-2023-6597 – python: Path traversal on tempfile.TemporaryDirectory
https://notcve.org/view.php?id=CVE-2023-6597
An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances. Se encontró un problema en la clase CPython `tempfile.TemporaryDirectory` que afecta a las versiones 3.12.2, 3.11.8, 3.10.13, 3.9.18 y 3.8.18 y anteriores. La clase tempfile.TemporaryDirectory eliminaría la referencia a enlaces simbólicos durante la limpieza de errores relacionados con permisos. Esto significa que los usuarios que pueden ejecutar programas privilegiados pueden modificar los permisos de los archivos a los que hacen referencia los enlaces simbólicos en algunas circunstancias. • http://www.openwall.com/lists/oss-security/2024/03/20/5 https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25 https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5 https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82 https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b https://github.com • CWE-61: UNIX Symbolic Link (Symlink) Following •