{"id":"AZL-54042","summary":"CVE-2024-12254 affecting package python3 for versions less than 3.12.3-5","details":"Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not \"pause\" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the \"high-water mark\". Because of this, Protocols would not periodically drain the write buffer potentially leading to memory exhaustion.\n\nThis vulnerability likely impacts a small number of users, you must be using Python 3.12.0 or later, on macOS or Linux, using the asyncio module with protocols, and using .writelines() method which had new zero-copy-on-write behavior in Python 3.12.0 and later. If not all of these factors are true then your usage of Python is unaffected.","modified":"2026-04-01T05:18:10.977184Z","published":"2024-12-06T16:15:20Z","upstream":["CVE-2024-12254"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-12254"}],"affected":[{"package":{"name":"python3","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/python3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.3-5"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-54042.json"}}],"schema_version":"1.7.5"}