CVE-2024-3219

Pure-Python fallback of socket.socketpair() doesn’t authenticate peer connection

Description

The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection between the two sockets was not verified before passing the two sockets back to the user, which leaves the server socket vulnerable to a connection race from a malicious local peer. Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.
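As an added example (not CPython's own code or its actual patch), the following builds a loopback pair the way the description says the fallback does, then performs the peer verification that was missing before handing the pair back; comparing each end's local and peer addresses is a simplified stand-in for the fix, and the mismatched pair in demo() is constructed locally to show what the check rejects.

```python
import socket

def peers_match(ssock, csock):
    """True only if each socket's peer address is the other socket's local
    address, i.e. the two ends really are connected to each other."""
    try:
        return (ssock.getsockname() == csock.getpeername()
                and csock.getsockname() == ssock.getpeername())
    except OSError:  # either side is not connected
        return False

def loopback_socketpair(family=socket.AF_INET):
    """Connected pair over loopback, built like the pure-Python fallback
    (bind an ephemeral port, connect, accept), then verified. Added example;
    the address check is a simplified stand-in for the fix, not CPython's code."""
    host = "127.0.0.1" if family == socket.AF_INET else "::1"
    lsock = socket.socket(family, socket.SOCK_STREAM)
    try:
        lsock.bind((host, 0))
        lsock.listen(1)
        csock = socket.socket(family, socket.SOCK_STREAM)
        try:
            csock.connect(lsock.getsockname())
            ssock, _ = lsock.accept()  # may be a stray local connection
        except Exception:
            csock.close()
            raise
    finally:
        lsock.close()
    if not peers_match(ssock, csock):  # refuse to hand back a foreign peer
        ssock.close()
        csock.close()
        raise ConnectionError("Unexpected peer connection")
    return ssock, csock

def demo():
    """Returns (legit, crossed): a genuine pair passes; a crossed pair fails."""
    ssock, csock = loopback_socketpair()
    legit = peers_match(ssock, csock)
    lsock = socket.socket()  # constructed scenario: two clients, one listener
    lsock.bind(("127.0.0.1", 0))
    lsock.listen(2)
    c1 = socket.create_connection(lsock.getsockname())
    a1, _ = lsock.accept()
    c2 = socket.create_connection(lsock.getsockname())
    a2, _ = lsock.accept()
    crossed = peers_match(a1, c2)  # accepted end paired with the wrong client
    for s in (ssock, csock, lsock, c1, c2, a1, a2):
        s.close()
    return legit, crossed
```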

CVSS 4.0 base score: 5.1 (Severity: Medium)
EPSS: 0.06%
Vendor Advisory: python.org
Affected: Python Software Foundation CPython

References

Link Tags
https://github.com/python/cpython/pull/122134 patch
https://github.com/python/cpython/issues/122133 issue tracking
https://mail.python.org/archives/list/security-announce@python.org/thread/WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B/ vendor advisory
http://www.openwall.com/lists/oss-security/2024/07/29/3
https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20 patch
https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2 patch
https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c patch
https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929 patch
https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54 patch
https://github.com/python/cpython/commit/2621a8a40ba4b2c68ca564671b7daa5da80a4508 patch
https://github.com/python/cpython/commit/5df322e91a40909e6904bbdbc0c3a6b6a9eead39 patch
https://github.com/python/cpython/commit/c21a36112a0028d7ac3cf8f480e0dc88dba5922c patch
https://github.com/python/cpython/commit/f071f01b7b7e19d7d6b3a4b0ec62f820ecb14660 patch
https://github.com/python/cpython/commit/31302f5fc24eecd693f0c8aaba7c2840b09b594d patch
https://github.com/python/cpython/commit/3f5d9d12c74787fbf3f5891835c85cc15526c86d patch
https://github.com/python/cpython/commit/c5655aa6ad120d2ed7f255bebd6e8b71a9c07dde patch
https://github.com/python/cpython/commit/e319f774f9e766a2b92949444a2d46081df3363a patch
https://github.com/python/cpython/commit/78df1043dbdce5c989600616f9f87b4ee72944e5 patch
https://security.netapp.com/advisory/ntap-20250502-0004/

Frequently Asked Questions

What is the severity of CVE-2024-3219?
CVE-2024-3219 has been scored as a medium severity vulnerability.
How to fix CVE-2024-3219?
To fix CVE-2024-3219, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As of now, there are no other specific guidelines available.
Is CVE-2024-3219 being actively exploited in the wild?
As of now, there is no information confirming that CVE-2024-3219 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-3219?
CVE-2024-3219 affects Python Software Foundation CPython.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.