← Back to CVE List

CVE-2024-3219

Published: 2024-07-29T22:15Z
Last Modified: 2025-01-31T20:15Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection between the two sockets was not verified before passing the two sockets back to the user, which leaves the server socket vulnerable to a connection race from a malicious local peer. Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt