Description
The method "sock_recvfrom_into()" of "asyncio.ProacterEventLoop" (Windows only) was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected.
Published: 2026-04-21
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Out-of-bounds write leading to memory corruption that could enable arbitrary code execution or crash
Action: Apply Patch
AI Analysis

Impact

The vulnerability exists in the Windows implementation of asyncio.ProactorEventLoop.sock_recvfrom_into(). The method lacks a boundary check for the buffer when the nbytes parameter is specified, allowing a caller to write beyond the allocated memory. This out‑of‑bounds write is a classic buffer overflow (CWE‑787). If exploited, an attacker could corrupt memory, potentially leading to remote or local code execution, or destabilize the process with a denial‑of‑service.

Affected Systems

The flaw affects CPython releases running on Windows. All Windows builds of CPython that use asyncio.ProactorEventLoop and call sock_recvfrom_into() are potentially vulnerable. The vulnerability is not present on non‑Windows platforms.

Risk and Exploitability

The CVSS score is 8.8, indicating high severity. The EPSS score is not available, and the vulnerability is not listed in CISA's KEV catalog, suggesting no publicly known exploits yet. An attacker would need to induce a vulnerable Python application to receive a socket payload larger than the specified nbytes, which typically requires remote network interaction or local privilege depending on the application's socket exposure. Because the flaw manifests as a buffer overflow, exploitation would likely provide local code execution if the attacker can exercise the vulnerable function.

Generated by OpenCVE AI on April 21, 2026 at 22:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade CPython to the latest release that includes the fix from the referenced pull request
  • If an immediate upgrade is not possible, restrict or validate the nbytes parameter so it never exceeds the buffer size, or apply the patch manually from the PR
  • Monitor Python processes for abnormal crashes or memory corruption and investigate any suspicious activity

Generated by OpenCVE AI on April 21, 2026 at 22:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 21 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Python
Python cpython
Vendors & Products Python
Python cpython

Tue, 21 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description The method "sock_recvfrom_into()" of "asyncio.ProacterEventLoop" (Windows only) was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected.
Title Out-of-bounds write in Windows asyncio.ProacterEventLoop.sock_recvfrom_into() when using nbytes
Weaknesses CWE-787
References
Metrics cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Python Cpython
cve-icon MITRE

Status: PUBLISHED

Assigner: PSF

Published:

Updated: 2026-05-06T15:49:33.057Z

Reserved: 2026-02-26T20:12:47.041Z

Link: CVE-2026-3298

cve-icon Vulnrichment

Updated: 2026-04-21T19:15:41.466Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-21T15:16:37.047

Modified: 2026-04-21T21:16:41.937

Link: CVE-2026-3298

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-21T23:00:03Z

Weaknesses