{"id":"PSF-2024-7","details":"The\n “socket” module provides a pure-Python fallback to the \nsocket.socketpair() function for platforms that don’t support AF_UNIX, \nsuch as Windows. This pure-Python implementation uses AF_INET or \nAF_INET6 to create a local connected pair of sockets. The connection \nbetween the two sockets was not verified before passing the two sockets \nback to the user, which leaves the server socket vulnerable to a \nconnection race from a malicious local peer.\n\nPlatforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.","aliases":["CVE-2024-3219"],"modified":"2026-05-18T05:47:45.274941201Z","published":"2024-07-29T21:54:05.830Z","database_specific":{"cwe_ids":[]},"references":[{"type":"WEB","url":"https://github.com/python/cpython/pull/122134"},{"type":"REPORT","url":"https://github.com/python/cpython/issues/122133"},{"type":"ADVISORY","url":"https://mail.python.org/archives/list/security-announce@python.org/thread/WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B/"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/07/29/3"},{"type":"FIX","url":"https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20"},{"type":"FIX","url":"https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2"},{"type":"FIX","url":"https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c"},{"type":"FIX","url":"https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929"},{"type":"FIX","url":"https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54"},{"type":"FIX","url":"https://github.com/python/cpython/commit/2621a8a40ba4b2c68ca564671b7daa5da80a4508"},{"type":"FIX","url":"https://github.com/python/cpython/commit/5df322e91a40909e6904bbdbc0c3a6b6a9eead39"},{"type":"FIX","url":"https://github.com/python/cpython/commit/c21a36112a0028d7ac3cf8f480e0dc88dba5922c"},{"type":"FIX","url":"https://github.com/python/cpython/commit/f071f01b7b7e19d7d6b3a4b0ec62f820ecb14660"},{"type":"FIX","url":"https://github.com/python/cpython/commit/31302f5fc24eecd693f0c8aaba7c2840b09b594d"},{"type":"FIX","url":"https://github.com/python/cpython/commit/3f5d9d12c74787fbf3f5891835c85cc15526c86d"},{"type":"FIX","url":"https://github.com/python/cpython/commit/c5655aa6ad120d2ed7f255bebd6e8b71a9c07dde"},{"type":"FIX","url":"https://github.com/python/cpython/commit/e319f774f9e766a2b92949444a2d46081df3363a"},{"type":"FIX","url":"https://github.com/python/cpython/commit/78df1043dbdce5c989600616f9f87b4ee72944e5"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"06fa244666ec6335a3b9bf2367e31b42b9a89b20"},{"fixed":"0b65c8bf5367625673eafb92f85046a1b31259f2"},{"fixed":"220e31adeaaa8436c9ff234cba1398bc49e2bb6c"},{"fixed":"5f90abaa786f994db3907fc31e2ee00ea2cf0929"},{"fixed":"b252317956b7fc035bb3774ef6a177e227f9fc54"},{"fixed":"2621a8a40ba4b2c68ca564671b7daa5da80a4508"},{"fixed":"5df322e91a40909e6904bbdbc0c3a6b6a9eead39"},{"fixed":"c21a36112a0028d7ac3cf8f480e0dc88dba5922c"},{"fixed":"f071f01b7b7e19d7d6b3a4b0ec62f820ecb14660"},{"fixed":"31302f5fc24eecd693f0c8aaba7c2840b09b594d"},{"fixed":"3f5d9d12c74787fbf3f5891835c85cc15526c86d"},{"fixed":"c5655aa6ad120d2ed7f255bebd6e8b71a9c07dde"},{"fixed":"e319f774f9e766a2b92949444a2d46081df3363a"},{"fixed":"78df1043dbdce5c989600616f9f87b4ee72944e5"}]}],"versions":["v3.13.0b4","v3.13.0b3","v3.12.4","v3.13.0b2","v3.13.0b1","v3.13.0a6","v3.12.3","v3.11.9","v3.10.14","v3.8.19","v3.9.19","v3.13.0a5","v3.13.0a4","v3.12.2","v3.11.8","v3.13.0a3","v3.12.1","v3.11.7","v3.13.0a2","v3.13.0a1","v3.11.6","v3.12.0","v3.12.0rc3","v3.12.0rc2","v3.8.18","v3.11.5","v3.9.18","v3.10.13","v3.12.0rc1","v3.12.0b4","v3.12.0b3","v3.11.4","v3.10.12","v3.12.0b2","v3.8.17","v3.9.17","v3.12.0b1","v3.10.11","v3.11.3","v3.12.0a7","v3.12.0a6","v3.10.10","v3.11.2","v3.12.0a5","v3.12.0a4","v3.12.0a3","v3.10.9","v3.11.1","v3.8.16","v3.9.16","v3.12.0a2","v3.12.0a1","v3.11.0rc2","v3.8.15","v3.10.8","v3.9.15","v3.8.14","v3.9.14","v3.10.7","v3.11.0rc1","v3.10.6","v3.11.0b5","v3.11.0b4","v3.10.5","v3.11.0b3","v3.11.0b2","v3.9.13","v3.11.0b1","v3.11.0a7","v3.10.4","v3.9.12","v3.9.11","v3.10.3","v3.8.13","v3.11.0a6","v3.11.0a5","v3.11.0a4","v3.10.2","v3.11.0a3","v3.10.1","v3.9.9","v3.9.8","v3.10.0rc2","v3.9.7","v3.8.12","v3.10.0rc1","v3.10.0b4","v3.8.11","v3.9.6","v3.10.0b3","v3.10.0b2","v3.10.0b1","v3.9.5","v3.10.0a7","v3.9.2","v3.8.8","v3.9.2rc1","v3.8.8rc1","v3.10.0a1","v3.9.0b5","v3.8.5","v3.9.0b3","v3.9.0b1","v3.8.3","v3.8.3rc1","v3.9.0a2","v3.8.0rc1","v3.7.0a2","v3.6.0b1","v3.6.0a3","v3.5.0b1","v3.5.0a4","v3.5.0a3","v3.5.0a2","v3.5.0a1","v3.4.0b3","v3.4.0b2","v3.4.0b1","v3.4.0a4","v3.4.0a3","v3.4.0a2","v3.4.0a1","v3.3.0rc3","v3.3.0rc2","v3.3.0rc1","v3.3.0b2","v3.3.0b1","v3.3.0a4","v3.3.0a3","v3.3.0a2","v3.2rc3","v3.2rc2","v3.2rc1","v3.2b2","v3.2b1","v3.2a4","v3.2a3","v3.2a2","v3.2a1","v3.1","v3.1rc2","v3.1rc1","v3.1b1","v3.1a2","v3.1a1","v3.0rc3","v3.0rc2","v3.0rc1","v3.0b3","v3.0b2","v3.0b1","v3.0a5","v3.0a4","v3.0a3","v3.0a2","v3.0a1","v2.4","v2.4c1","v2.4b2","v2.4b1","v2.4a3","v2.4a2","v2.4a1","v2.3c2","v2.3c1","v2.2a3","v2.1","v2.1c2","v2.1c1","v2.1b2","v2.1b1","v2.1a2","v2.1a1","v2.0","v2.0c1","v2.0b2","v2.0b1","v1.6a2","v1.6a1","v1.5.2","v1.5.2c1","v1.5.2b2","v1.5.2b1","v1.5.2a2","v1.5.2a1","v1.5.1","v1.5","v1.5b2","v1.5b1","v1.5a4","v1.5a3","v1.5a2","v1.5a1","v1.4","v1.4b3","v1.4b2","v1.4b1","v1.3","v1.3b1","v1.2","v1.2b4","v1.2b3","v1.2b2","v1.2b1","v1.1.1","v1.1","v1.0.2","v1.0.1","v0.9.9","v0.9.8"],"database_specific":{"source":"https://github.com/psf/advisory-database/blob/main/advisories/python/PSF-2024-7.json"}}],"schema_version":"1.7.5"}