Test ID: | 1.3.6.1.4.1.25623.1.0.114744 |
Category: | General |
Title: | Python Buffer Over-Read Vulnerability (Jul 2024) - Linux |
Summary: | Python is prone to a buffer over-read vulnerability in SSLContext.set_npn_protocols(). |
Description: |
Summary: Python is prone to a buffer over-read vulnerability in SSLContext.set_npn_protocols().
Vulnerability Insight: The product doesn't disallow configuring an empty list ('[]') for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity because NPN is not widely used and specifying an empty list is likely uncommon in practice (typically a protocol name would be configured).
Affected Software/OS: Python versions prior to 3.10.
Solution: Suggested mitigation by the vendor is one of the following:
- Update to Python 3.10 or later where NPN isn't supported
- Avoid using NPN via SSLContext.set_npn_protocols()
- Avoid providing an empty list as a parameter to SSLContext.set_npn_protocols()
CVSS Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2024-5642 |
Copyright | Copyright (C) 2024 Greenbone AG |