Описание
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory configured. This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| pypy3 | fixed | 7.3.16+dfsg-1 | package | |
| pypy3 | no-dsa | bookworm | package | |
| pypy3 | postponed | bullseye | package | |
| python3.13 | not-affected | package | ||
| python3.12 | fixed | 3.12.3-1 | package | |
| python3.11 | fixed | 3.11.9-1 | package | |
| python3.9 | removed | package | ||
| python3.7 | removed | package | ||
| python2.7 | removed | package | ||
| python2.7 | ignored | bullseye | package |
Примечания
https://github.com/advisories/GHSA-xhf3-pp4q-gxh5
https://github.com/python/cpython/issues/114572
https://github.com/python/cpython/pull/114573
https://github.com/python/cpython/commit/542f3272f56f31ed04e74c40635a913fbc12d286 (v3.12.3)
https://github.com/python/cpython/commit/01c37f1d0714f5822d34063ca7180b595abf589d (v3.11.9)
https://github.com/python/cpython/commit/b228655c227b2ca298a8ffac44d14ce3d22f6faa (3.9-branch)
https://github.com/pypy/pypy/commit/8035017515660b3f19a5aec8b28237b57fc5d6dd (release-pypy3.9-v7.3.16)
EPSS
Связанные уязвимости
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory configured. This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory configured. This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory configured. This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory configured. This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.
EPSS