CVE-2024-5642
Buffer overread when using an empty list with SSLContext.set_npn_protocols()
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured).
CPython 3.9 y versiones anteriores no permiten la configuración de una lista vacía ("[]") para SSLContext.set_npn_protocols(), que es un valor no válido para la API OpenSSL subyacente. Esto da como resultado una lectura excesiva del búfer cuando se utiliza NPN (consulte CVE-2024-5535 para OpenSSL). Esta vulnerabilidad es de baja gravedad debido a que NPN no se usa ampliamente y especificar una lista vacía probablemente sea poco común en la práctica (normalmente se configuraría un nombre de protocolo).
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-06-04 CVE Reserved
- 2024-06-27 CVE Published
- 2024-07-02 EPSS Updated
- 2024-11-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (7)
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://github.com/python/cpython/commit/39258d3595300bc7b952854c915f63ae2d4b9c3e | 2024-07-01 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Sle-module-basesystem Search vendor "Suse" for product "Sle-module-basesystem" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Sle-module-development-tools Search vendor "Suse" for product "Sle-module-development-tools" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Sle-module-legacy Search vendor "Suse" for product "Sle-module-legacy" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Sle-sdk Search vendor "Suse" for product "Sle-sdk" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Sle Hpc-espos Search vendor "Suse" for product "Sle Hpc-espos" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Sle Hpc-ltss Search vendor "Suse" for product "Sle Hpc-ltss" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Sle Hpc Search vendor "Suse" for product "Sle Hpc" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Sled Search vendor "Suse" for product "Sled" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Sles-ltss Search vendor "Suse" for product "Sles-ltss" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Sles Search vendor "Suse" for product "Sles" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Sles Sap Search vendor "Suse" for product "Sles Sap" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Suse-manager-proxy Search vendor "Suse" for product "Suse-manager-proxy" | * | - |
Affected
| ||||||
Suse Search vendor "Suse" | Suse-manager-server Search vendor "Suse" for product "Suse-manager-server" | * | - |
Affected
|