{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-5642", "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22", "state": "PUBLISHED", "assignerShortName": "PSF", "dateReserved": "2024-06-04T18:40:21.539Z", "datePublished": "2024-06-27T21:05:31.281Z", "dateUpdated": "2024-08-01T21:18:06.642Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CPython", "repo": "https://github.com/python/cpython", "vendor": "Python Software Foundation", "versions": [{"lessThan": "3.10.0b1", "status": "affected", "version": "0", "versionType": "python"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "CPython 3.9 and earlier doesn't disallow configuring an empty list (\"[]\") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see <span style=\"background-color: oklab(0.0852327 0.00000386313 0.00000170618 / 0.06);\">CVE</span><span style=\"background-color: oklab(0.0852327 0.00000386313 0.00000170618 / 0.06);\">-2024</span><span style=\"background-color: oklab(0.0852327 0.00000386313 0.00000170618 / 0.06);\">-5535</span> for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured).<br>"}], "value": "CPython 3.9 and earlier doesn't disallow configuring an empty list (\"[]\") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured)."}], "providerMetadata": {"orgId": "28c92f92-d60d-412d-b760-e73465c3df22", "shortName": "PSF", "dateUpdated": "2024-07-01T13:51:32.404Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://jbp.io/2024/06/27/cve-2024-5535-openssl-memory-safety.html"}, {"tags": ["mitigation"], "url": "https://github.com/python/cpython/pull/23014"}, {"tags": ["vendor-advisory"], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/39258d3595300bc7b952854c915f63ae2d4b9c3e"}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/28/4"}, {"tags": ["issue-tracking"], "url": "https://github.com/python/cpython/issues/121227"}, {"url": "https://security.netapp.com/advisory/ntap-20240726-0005/"}], "source": {"discovery": "UNKNOWN"}, "title": "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-28T13:47:34.169947Z", "id": "CVE-2024-5642", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-28T13:47:48.118Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:18:06.642Z"}, "title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_transferred"], "url": "https://jbp.io/2024/06/27/cve-2024-5535-openssl-memory-safety.html"}, {"tags": ["mitigation", "x_transferred"], "url": "https://github.com/python/cpython/pull/23014"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/"}, {"tags": ["patch", "x_transferred"], "url": "https://github.com/python/cpython/commit/39258d3595300bc7b952854c915f63ae2d4b9c3e"}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/28/4", "tags": ["x_transferred"]}, {"tags": ["issue-tracking", "x_transferred"], "url": "https://github.com/python/cpython/issues/121227"}, {"url": "https://security.netapp.com/advisory/ntap-20240726-0005/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://jbp.io/2024/06/27/cve-2024-5535-openssl-memory-safety.html", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://github.com/python/cpython/pull/23014", "tags": ["mitigation", "x_transferred"]}, {"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://github.com/python/cpython/commit/39258d3595300bc7b952854c915f63ae2d4b9c3e", "tags": ["patch", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/28/4", "tags": ["x_transferred"]}, {"url": "https://github.com/python/cpython/issues/121227", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240726-0005/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:18:06.642Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5642", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-28T13:47:34.169947Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-28T13:47:40.782Z"}}], "cna": {"title": "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source": {"discovery": "UNKNOWN"}, "affected": [{"repo": "https://github.com/python/cpython", "vendor": "Python Software Foundation", "product": "CPython", "versions": [{"status": "affected", "version": "0", "lessThan": "3.10.0b1", "versionType": "python"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://jbp.io/2024/06/27/cve-2024-5535-openssl-memory-safety.html", "tags": ["third-party-advisory"]}, {"url": "https://github.com/python/cpython/pull/23014", "tags": ["mitigation"]}, {"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/", "tags": ["vendor-advisory"]}, {"url": "https://github.com/python/cpython/commit/39258d3595300bc7b952854c915f63ae2d4b9c3e", "tags": ["patch"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/28/4"}, {"url": "https://github.com/python/cpython/issues/121227", "tags": ["issue-tracking"]}, {"url": "https://security.netapp.com/advisory/ntap-20240726-0005/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "CPython 3.9 and earlier doesn't disallow configuring an empty list (\"[]\") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured).", "supportingMedia": [{"type": "text/html", "value": "CPython 3.9 and earlier doesn't disallow configuring an empty list (\"[]\") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see <span style=\"background-color: oklab(0.0852327 0.00000386313 0.00000170618 / 0.06);\">CVE</span><span style=\"background-color: oklab(0.0852327 0.00000386313 0.00000170618 / 0.06);\">-2024</span><span style=\"background-color: oklab(0.0852327 0.00000386313 0.00000170618 / 0.06);\">-5535</span> for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured).<br>", "base64": false}]}], "providerMetadata": {"orgId": "28c92f92-d60d-412d-b760-e73465c3df22", "shortName": "PSF", "dateUpdated": "2024-07-01T13:51:32.404Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5642", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:18:06.642Z", "dateReserved": "2024-06-04T18:40:21.539Z", "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22", "datePublished": "2024-06-27T21:05:31.281Z", "assignerShortName": "PSF"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "CPython 3.9 and earlier doesn't disallow configuring an empty list (\"[]\") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured)."}, {"lang": "es", "value": "CPython 3.9 y versiones anteriores no permiten la configuraci\u00f3n de una lista vac\u00eda (\"[]\") para SSLContext.set_npn_protocols(), que es un valor no v\u00e1lido para la API OpenSSL subyacente. Esto da como resultado una lectura excesiva del b\u00fafer cuando se utiliza NPN (consulte CVE-2024-5535 para OpenSSL). Esta vulnerabilidad es de baja gravedad debido a que NPN no se usa ampliamente y especificar una lista vac\u00eda probablemente sea poco com\u00fan en la pr\u00e1ctica (normalmente se configurar\u00eda un nombre de protocolo)."}], "id": "CVE-2024-5642", "lastModified": "2024-07-28T14:15:11.220", "metrics": {}, "published": "2024-06-27T21:15:16.070", "references": [{"source": "cna@python.org", "url": "http://www.openwall.com/lists/oss-security/2024/06/28/4"}, {"source": "cna@python.org", "url": "https://github.com/python/cpython/commit/39258d3595300bc7b952854c915f63ae2d4b9c3e"}, {"source": "cna@python.org", "url": "https://github.com/python/cpython/issues/121227"}, {"source": "cna@python.org", "url": "https://github.com/python/cpython/pull/23014"}, {"source": "cna@python.org", "url": "https://jbp.io/2024/06/27/cve-2024-5535-openssl-memory-safety.html"}, {"source": "cna@python.org", "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/"}, {"source": "cna@python.org", "url": "https://security.netapp.com/advisory/ntap-20240726-0005/"}], "sourceIdentifier": "cna@python.org", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used", "id": "2294682", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294682"}, "csaw": false, "cvss3": {"cvss3_base_score": "2.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-20", "details": ["CPython 3.9 and earlier doesn't disallow configuring an empty list (\"[]\") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured).", "A vulnerability was found in Python/CPython that does not disallow configuring an empty list (\"[]\") for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This issue results in a buffer over-read when NPN is used. See CVE -2024-5535 for OpenSSL for more information."], "name": "CVE-2024-5642", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "python", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "python", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "python3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "gimp:flatpak/python2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "inkscape:flatpak/python2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "python27:2.7/python2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python3", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python3.11", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python3.12", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python36:3.6/python36", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python39:3.9/python39", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python39-devel:3.9/python39", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "python3.11", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "python3.12", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "python3.9", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-06-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-5642\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-5642\nhttps://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/"], "statement": "This vulnerability is rated with a Low severity due to NPN not being widely used and specifying an empty list is likely uncommon in practice. Typically, a protocol name would be configured.", "threat_severity": "Low"}