Search for vulnerabilities
Vulnerability details: VCID-u5e1-ny7x-aaab
Vulnerability ID VCID-u5e1-ny7x-aaab
Aliases CVE-2024-0397
Summary A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory configured. This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.
Status Published
Exploitability 0.5
Weighted Severity 4.5
Risk 2.2
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
System Score Found at
cvssv3 5.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0397.json
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00361 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00401 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00401 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00401 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00401 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00789 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00789 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00789 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00855 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00855 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00855 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00855 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00855 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00855 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00855 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00855 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.00855 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
epss 0.01401 https://api.first.org/data/v1/epss?cve=CVE-2024-0397
cvssv3.1 4.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0397.json
https://api.first.org/data/v1/epss?cve=CVE-2024-0397
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0397
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/python/cpython/commit/01c37f1d0714f5822d34063ca7180b595abf589d
https://github.com/python/cpython/commit/29c97287d205bf2f410f4895ebce3f43b5160524
https://github.com/python/cpython/commit/37324b421b72b7bc9934e27aba85d48d4773002e
https://github.com/python/cpython/commit/542f3272f56f31ed04e74c40635a913fbc12d286
https://github.com/python/cpython/commit/b228655c227b2ca298a8ffac44d14ce3d22f6faa
https://github.com/python/cpython/commit/bce693111bff906ccf9281c22371331aaff766ab
https://github.com/python/cpython/issues/114572
https://github.com/python/cpython/pull/114573
https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/
https://security.netapp.com/advisory/ntap-20250411-0006/
http://www.openwall.com/lists/oss-security/2024/06/17/2
2301891 https://bugzilla.redhat.com/show_bug.cgi?id=2301891
CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397
RHSA-2024:9190 https://access.redhat.com/errata/RHSA-2024:9190
RHSA-2024:9192 https://access.redhat.com/errata/RHSA-2024:9192
USN-6928-1 https://usn.ubuntu.com/6928-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0397.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.14083
EPSS Score 0.00044
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-06-17T20:19:43.301972+00:00 SUSE Severity Score Importer Import https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml 34.0.0rc4