suse · CVE-2024-0397

Quick triage

Priority: medium Published: 2024-06-17 23:18:37 UTC Updated: 2026-03-05 03:02:21 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2024-0397 severity moderate: SUSE including 519 source package names (0.0.17-1.1:libpython3_11-1_0-3.11.9-150600.3.3.1, 0.0.17-1.1:libpython3_6m1_0-3.6.15-150300.10.65.1, …), 2223 product×package rows across 425 product lines (Container bci/bci-base-fips, Container bci/bci-sle15-kernel-module-devel, … (425 product lines)): Fixed 1838, Known Affected 225, Known Not Affected 160.

Description:

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory configured. This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.

cvelogic Threat Intelligence