{"id":"PSF-2024-4","details":"A defect was discovered in the Python “ssl” module where there is a memory\nrace condition with the ssl.SSLContext methods “cert_store_stats()” and\n“get_ca_certs()”. The race condition can be triggered if the methods are\ncalled at the same time as certificates are loaded into the SSLContext,\nsuch as during the TLS handshake with a certificate directory configured.\nThis issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.","aliases":["BIT-libpython-2024-0397","BIT-python-2024-0397","BIT-python-min-2024-0397","CVE-2024-0397"],"modified":"2025-09-19T01:46:48.045244Z","published":"2024-06-17T15:09:40.896Z","database_specific":{"cwe_ids":[]},"references":[{"type":"REPORT","url":"https://github.com/python/cpython/issues/114572"},{"type":"WEB","url":"https://github.com/python/cpython/pull/114573"},{"type":"ADVISORY","url":"https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/"},{"type":"FIX","url":"https://github.com/python/cpython/commit/01c37f1d0714f5822d34063ca7180b595abf589d"},{"type":"FIX","url":"https://github.com/python/cpython/commit/29c97287d205bf2f410f4895ebce3f43b5160524"},{"type":"FIX","url":"https://github.com/python/cpython/commit/37324b421b72b7bc9934e27aba85d48d4773002e"},{"type":"FIX","url":"https://github.com/python/cpython/commit/542f3272f56f31ed04e74c40635a913fbc12d286"},{"type":"FIX","url":"https://github.com/python/cpython/commit/b228655c227b2ca298a8ffac44d14ce3d22f6faa"},{"type":"FIX","url":"https://github.com/python/cpython/commit/bce693111bff906ccf9281c22371331aaff766ab"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/06/17/2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"01c37f1d0714f5822d34063ca7180b595abf589d"},{"fixed":"29c97287d205bf2f410f4895ebce3f43b5160524"},{"fixed":"37324b421b72b7bc9934e27aba85d48d4773002e"},{"fixed":"542f3272f56f31ed04e74c40635a
913fbc12d286"},{"fixed":"b228655c227b2ca298a8ffac44d14ce3d22f6faa"},{"fixed":"bce693111bff906ccf9281c22371331aaff766ab"}]}],"versions":["2.5","3.2","v0.9.8","v0.9.9","v1.0.1","v1.0.2","v1.1","v1.1.1","v1.2","v1.2b1","v1.2b2","v1.2b3","v1.2b4","v1.3","v1.3b1","v1.4","v1.4b1","v1.4b2","v1.4b3","v1.5","v1.5.1","v1.5.2","v1.5.2a1","v1.5.2a2","v1.5.2b1","v1.5.2b2","v1.5.2c1","v1.5a1","v1.5a2","v1.5a3","v1.5a4","v1.5b1","v1.5b2","v1.6a1","v1.6a2","v2.0","v2.0b1","v2.0b2","v2.0c1","v2.1","v2.1a1","v2.1a2","v2.1b1","v2.1b2","v2.1c1","v2.1c2","v2.2a3","v2.3c1","v2.3c2","v2.4","v2.4a1","v2.4a2","v2.4a3","v2.4b1","v2.4b2","v2.4c1","v2.5","v2.5.1","v2.5.1c1","v2.5.2","v2.5.2c1","v2.5.3","v2.5.3c1","v2.5.4","v2.5.5","v2.5.5c1","v2.5.5c2","v2.5.6","v2.5.6c1","v2.5a0","v2.5a1","v2.5a2","v2.5b1","v2.5b2","v2.5b3","v2.5c1","v2.5c2","v2.6","v2.6.1","v2.6.2","v2.6.2c1","v2.6.3","v2.6.3rc1","v2.6.4","v2.6.4rc1","v2.6.4rc2","v2.6.5","v2.6.5rc1","v2.6.5rc2","v2.6.6","v2.6.6rc1","v2.6.6rc2","v2.6.7","v2.6.8","v2.6.8rc1","v2.6.8rc2","v2.6a1","v2.6a2","v2.6a3","v2.6b1","v2.6b2","v2.6b3","v2.6rc1","v2.6rc2","v2.7","v2.7.1","v2.7.1rc1","v2.7.2","v2.7.2rc1","v2.7.3","v2.7.3rc1","v2.7.3rc2","v2.7.4rc1","v2.7a1","v2.7a2","v2.7a3","v2.7a4","v2.7b1","v2.7b2","v2.7rc1","v2.7rc2","v3.0a1","v3.0a2","v3.0a3","v3.0a4","v3.0a5","v3.0b1","v3.0b2","v3.0b3","v3.0rc1","v3.0rc2","v3.0rc3","v3.1","v3.1.1","v3.1.1rc1","v3.1.2","v3.1.2rc1","v3.1.3","v3.1.3rc1","v3.1.4","v3.1.4rc1","v3.1.5","v3.1.5rc1","v3.1.5rc2","v3.10.0","v3.10.0a1","v3.10.0a2","v3.10.0a3","v3.10.0a4","v3.10.0a5","v3.10.0a6","v3.10.0a7","v3.10.0b1","v3.10.0b2","v3.10.0b3","v3.10.0b4","v3.10.0rc1","v3.10.0rc2","v3.10.1","v3.10.10","v3.10.11","v3.10.12","v3.10.13","v3.10.2","v3.10.3","v3.10.4","v3.10.5","v3.10.6","v3.10.7","v3.10.8","v3.10.9","v3.11.0","v3.11.0a1","v3.11.0a2","v3.11.0a3","v3.11.0a4","v3.11.0a5","v3.11.0a6","v3.11.0a7","v3.11.0b1","v3.11.0b2","v3.11.0b3","v3.11.0b4","v3.11.0b5","v3.11.0rc1","v3.11.0rc2","v3.11.1","v3.11.2","v3.1
1.3","v3.11.4","v3.11.5","v3.11.6","v3.11.7","v3.11.8","v3.12.0","v3.12.0a1","v3.12.0a2","v3.12.0a3","v3.12.0a4","v3.12.0a5","v3.12.0a6","v3.12.0a7","v3.12.0b1","v3.12.0b2","v3.12.0b3","v3.12.0b4","v3.12.0rc1","v3.12.0rc2","v3.12.0rc3","v3.12.1","v3.12.2","v3.13.0a1","v3.13.0a2","v3.13.0a3","v3.13.0a4","v3.1a1","v3.1a2","v3.1b1","v3.1rc1","v3.1rc2","v3.2","v3.2.1","v3.2.1b1","v3.2.1rc1","v3.2.1rc2","v3.2.2","v3.2.2rc1","v3.2.3","v3.2.3rc1","v3.2.3rc2","v3.2.4","v3.2.4rc1","v3.2.5","v3.2.6","v3.2.6rc1","v3.2a1","v3.2a2","v3.2a3","v3.2a4","v3.2b1","v3.2b2","v3.2rc1","v3.2rc2","v3.2rc3","v3.3.0","v3.3.0a1","v3.3.0a2","v3.3.0a3","v3.3.0a4","v3.3.0b1","v3.3.0b2","v3.3.0rc1","v3.3.0rc2","v3.3.0rc3","v3.3.1","v3.3.1rc1","v3.3.2","v3.3.3","v3.3.3rc1","v3.3.3rc2","v3.3.4","v3.3.4rc1","v3.3.5","v3.3.5rc1","v3.3.5rc2","v3.3.6","v3.3.6rc1","v3.4.0","v3.4.0a1","v3.4.0a2","v3.4.0a3","v3.4.0a4","v3.4.0b1","v3.4.0b2","v3.4.0b3","v3.4.0rc1","v3.4.0rc2","v3.4.0rc3","v3.4.1","v3.4.1rc1","v3.4.2","v3.4.2rc1","v3.4.3","v3.4.3rc1","v3.4.4","v3.4.4rc1","v3.4.5","v3.4.5rc1","v3.4.6","v3.4.6rc1","v3.5.0","v3.5.0a1","v3.5.0a2","v3.5.0a3","v3.5.0a4","v3.5.0b1","v3.5.0b2","v3.5.0b3","v3.5.0b4","v3.5.0rc1","v3.5.0rc2","v3.5.0rc3","v3.5.0rc4","v3.5.1","v3.5.1rc1","v3.5.2","v3.5.2rc1","v3.5.3","v3.5.3rc1","v3.6.0","v3.6.0a1","v3.6.0a2","v3.6.0a3","v3.6.0a4","v3.6.0b1","v3.6.0b2","v3.6.0b3","v3.6.0b4","v3.6.0rc1","v3.6.0rc2","v3.7.0a1","v3.7.0a2","v3.7.0a3","v3.7.0a4","v3.8.0a1","v3.8.0a2","v3.8.0a3","v3.8.0a4","v3.8.0b1","v3.9.0","v3.9.0a1","v3.9.0a2","v3.9.0a3","v3.9.0a4","v3.9.0a5","v3.9.0a6","v3.9.0b1","v3.9.0b2","v3.9.0b3","v3.9.0b4","v3.9.0b5","v3.9.0rc1","v3.9.0rc2","v3.9.1","v3.9.10","v3.9.11","v3.9.12","v3.9.13","v3.9.14","v3.9.15","v3.9.16","v3.9.17","v3.9.18","v3.9.19","v3.9.1rc1","v3.9.2","v3.9.2rc1","v3.9.3","v3.9.4","v3.9.5","v3.9.6","v3.9.7","v3.9.8","v3.9.9"],"database_specific":{"source":"https://github.com/psf/advisory-database/blob/main/advisories/python/PSF-2024-4.json"}}],"schema_version":"1.7.3"}