CVE-2024-3219 is a medium-severity vulnerability in the CPython socket module. The module provides a pure-Python fallback for socket.socketpair() on platforms that lack AF_UNIX, such as Windows. That fallback uses AF_INET or AF_INET6 to create a locally connected pair of sockets, but it does not verify that the accepted connection actually came from the client socket it created before returning the pair to the caller. This omission leaves the server socket exposed to a connection race from a malicious local peer.
Platforms that support AF_UNIX, such as Linux and macOS, are not affected by this vulnerability. CPython versions prior to 3.5 are also not vulnerable, because the susceptible API was not included in those releases. Organizations should prioritize patching immediately to mitigate the risks associated with this vulnerability.
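As an added example (not CPython's own Lib/socket.py code), the following IPv4-only loopback socketpair follows the approach of the mitigation described above: after accept() it compares both sockets' local and peer addresses and refuses the pair if the accepted connection is not the one it initiated. The names loopback_socketpair and roundtrip are this example's own.

```python
import socket


def loopback_socketpair():
    """socketpair() fallback over 127.0.0.1 with peer verification (added example)."""
    # Listen on an ephemeral loopback port and connect to ourselves.
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        lsock.bind(("127.0.0.1", 0))
        lsock.listen(1)
        csock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            csock.setblocking(False)
            try:
                csock.connect(lsock.getsockname())
            except (BlockingIOError, InterruptedError):
                pass  # handshake completes once the listener accepts
            csock.setblocking(True)
            ssock, _ = lsock.accept()
        except Exception:
            csock.close()
            raise
    finally:
        lsock.close()
    # Mitigation: between listen() and accept() any local process could have
    # connected first, so confirm ssock really is the other end of csock.
    try:
        if (ssock.getsockname() != csock.getpeername()
                or csock.getsockname() != ssock.getpeername()):
            raise ConnectionError("unexpected peer connection")
    except Exception:
        ssock.close()
        csock.close()
        raise
    return ssock, csock


def roundtrip(payload: bytes) -> bytes:
    """Send payload through a verified pair and return what the other end reads."""
    a, b = loopback_socketpair()
    try:
        a.sendall(payload)
        data = b""
        while len(data) < len(payload):
            data += b.recv(len(payload) - len(data))
        return data
    finally:
        a.close()
        b.close()
```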
The CVSS score for this vulnerability is 5.1, indicating a medium level of severity. Given the potential for exploitation, it is crucial for organizations to assess their risk and implement necessary mitigations without delay.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.