{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85347?format=json","vulnerability_id":"VCID-tdgk-e9p1-gqfy","summary":"The method \"sock_recvfrom_into()\" of \"asyncio.ProacterEventLoop\" (Windows only) was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected.","aliases":[{"alias":"CVE-2026-3298"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101315?format=json","purl":"pkg:deb/debian/python3.11@0?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.11@0%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/101308?format=json","purl":"pkg:deb/debian/python3.11@3.11.2-6%2Bdeb12u7?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.11@3.11.2-6%252Bdeb12u7%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/101320?format=json","purl":"pkg:deb/debian/python3.13@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101322?format=json","purl":"pkg:deb/debian/python3.13@3.13.5-2%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8sg3-h6bw-17hw"},{"vulnerability":"VCID-e86j-9hv6-7qcc"},{"vulnerability":"VCID-je2m-h8kf-qff3"},{"vulnerability":"VCID-k7py-9bvy-gqfp"},{"vulnerability":"VCID-m19s-78x8-pbhg"},{"vulnerability":"VCID-nqug-rsxu-4qac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101319?format=json","purl":"pkg:deb/debian/python3.13@3.13.12-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8sg3-h6bw-17hw"},{"vulnerability":"VCID-bu2x-a43h-zkd5"},{"vulnerability":"VCID-c54p-ya9f-bfhn"},{"vulnerability":"VCID-dgqc-5rnw-t7b6"},{"vulnerability":"VCID-e3n6-car5-g7bt"},{"vulnerability":"VCID-e86j-9hv6-7qcc"},{"vulnerability":"VCID-fy55-615v-fyfs"},{"vulnerability":"VCID-hb67-apsv-5qef"},{"vulnerability":"VCID-je2m-h8kf-qff3"},{"vulnerability":"VCID-k7py-9bvy-gqfp"},{"vulnerability":"VCID-kt4w-dsqj-z3hv"},{"vulnerability":"VCID-kvtg-747s-yyad"},{"vulnerability":"VCID-m19s-78x8-pbhg"},{"vulnerability":"VCID-nqug-rsxu-4qac"},{"vulnerability":"VCID-ups7-78uf-z3fj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101321?format=json","purl":"pkg:deb/debian/python3.13@3.13.14-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.14-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101338?format=json","purl":"pkg:deb/debian/python3.14@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/101333?format=json","purl":"pkg:deb/debian/python3.14@3.14.5-1?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8sg3-h6bw-17hw"},{"vulnerability":"VCID-e86j-9hv6-7qcc"},{"vulnerability":"VCID-k7py-9bvy-gqfp"},{"vulnerability":"VCID-m19s-78x8-pbhg"},{"vulnerability":"VCID-nqug-rsxu-4qac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.5-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/101335?format=json","purl":"pkg:deb/debian/python3.14@3.14.6-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.6-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/101345?format=json","purl":"pkg:deb/debian/python3.9@0?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@0%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/101342?format=json","purl":"pkg:deb/debian/python3.9@3.9.2-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%3Fdistro=bullseye"}],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3298","reference_id":"","reference_type":"","scores":[{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22266","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22287","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22275","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22085","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3298"},{"reference_url":"https://github.com/python/cpython/commit/1274766d3c29007ab77245a72abbf8dce2a9db4d","reference_id":"1274766d3c29007ab77245a72abbf8dce2a9db4d","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:15:36Z/"}],"url":"https://github.com/python/cpython/commit/1274766d3c29007ab77245a72abbf8dce2a9db4d"},{"reference_url":"https://github.com/python/cpython/issues/148808","reference_id":"148808","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:15:36Z/"}],"url":"https://github.com/python/cpython/issues/148808"},{"reference_url":"https://github.com/python/cpython/pull/148809","reference_id":"148809","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:15:36Z/"}],"url":"https://github.com/python/cpython/pull/148809"},{"reference_url":"https://github.com/python/cpython/commit/27522b7d6e6588f03e61099dd858cd5a9314e2f2","reference_id":"27522b7d6e6588f03e61099dd858cd5a9314e2f2","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:15:36Z/"}],"url":"https://github.com/python/cpython/commit/27522b7d6e6588f03e61099dd858cd5a9314e2f2"},{"reference_url":"https://github.com/python/cpython/commit/95633d2aad4721e25e4dfd9f43dfb6e1edcbd741","reference_id":"95633d2aad4721e25e4dfd9f43dfb6e1edcbd741","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:15:36Z/"}],"url":"https://github.com/python/cpython/commit/95633d2aad4721e25e4dfd9f43dfb6e1edcbd741"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/KWTPIQBOOOUNQP7UFSLBI437NJDFLA3F/","reference_id":"KWTPIQBOOOUNQP7UFSLBI437NJDFLA3F","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:15:36Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/KWTPIQBOOOUNQP7UFSLBI437NJDFLA3F/"}],"weaknesses":[{"cwe_id":787,"name":"Out-of-bounds Write","description":"The product writes data past the end, or before the beginning, of the intended buffer."}],"exploits":[],"severity_range_score":"8.8 - 8.8","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tdgk-e9p1-gqfy"}