CVE-2024-12254
Description
Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer, potentially leading to memory exhaustion.
This vulnerability likely impacts a small number of users: you must be using Python 3.12.0 or later, on macOS or Linux, using the asyncio module with protocols, and using the .writelines() method, which had new zero-copy-on-write behavior in Python 3.12.0 and later. If not all of these factors are true, then your usage of Python is unaffected.
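The following is an added example, not part of the CVE record or of CPython: a behavioural probe that checks whether the running interpreter's writelines() calls pause_writing() on the Protocol once the write buffer exceeds the high-water mark. The names FlowControlProbe and probe_writelines_flow_control, the 64 KiB limit and the payload are assumptions constructed for the probe.

```python
import asyncio
import socket

HIGH_WATER = 64 * 1024        # assumed high-water mark for the probe
CHUNK = b"x" * (64 * 1024)    # constructed payload
N_CHUNKS = 64                 # 4 MiB in total, more than a socketpair absorbs


class FlowControlProbe(asyncio.Protocol):
    """Records whether the transport told the protocol to stop writing."""

    def __init__(self):
        self.pause_signalled = False

    def pause_writing(self):
        self.pause_signalled = True


async def _probe():
    loop = asyncio.get_running_loop()
    reader, writer = socket.socketpair()  # the peer never reads, so data backs up
    try:
        transport, proto = await loop.create_connection(FlowControlProbe, sock=writer)
        transport.set_write_buffer_limits(high=HIGH_WATER)
        transport.writelines([CHUNK] * N_CHUNKS)
        result = {
            "high_water": HIGH_WATER,
            "buffered": transport.get_write_buffer_size(),
            "pause_signalled": proto.pause_signalled,
        }
        transport.abort()        # discard the buffered data
        await asyncio.sleep(0)   # let connection_lost() run and close the socket
        return result
    finally:
        reader.close()


def probe_writelines_flow_control():
    """Return buffer size and whether pause_writing() fired after writelines()."""
    return asyncio.run(_probe())


if __name__ == "__main__":
    r = probe_writelines_flow_control()
    ok = r["pause_signalled"]
    print(r, "flow control OK" if ok else "AFFECTED: no pause_writing() above high-water mark")
```

A result with `buffered` above `high_water` and `pause_signalled` false is the behaviour the description reports; with the pause signalled, the Protocol has the chance to stop producing data until the buffer drains.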
Affected products
52 products:
- (no CPE) range: v0.9.8, v0.9.9, v1.0.1, …
- (no CPE) range: >=3.12.0
- osv-coords, 50 versions (no CPE), listed as package: range
  - pkg:apk/chainguard/python-3.12: < 3.12.8-r1
  - pkg:apk/chainguard/python-3.12-base: < 3.12.8-r1
  - pkg:apk/chainguard/python-3.12-base-dev: < 3.12.8-r1
  - pkg:apk/chainguard/python-3.12-dev: < 3.12.8-r1
  - pkg:apk/chainguard/python-3.12-doc: < 3.12.8-r1
  - pkg:apk/chainguard/python-3.12-privileged-netbindservice: < 3.12.8-r1
  - pkg:apk/chainguard/python-3.12-tk: < 3.12.8-r1
  - pkg:apk/chainguard/python-3.13: < 3.13.1-r1
  - pkg:apk/chainguard/python-3.13-base: < 3.13.1-r1
  - pkg:apk/chainguard/python-3.13-base-dev: < 3.13.1-r1
  - pkg:apk/chainguard/python-3.13-dev: < 3.13.1-r1
  - pkg:apk/chainguard/python-3.13-doc: < 3.13.1-r1
  - pkg:apk/chainguard/python-3.13-privileged-netbindservice: < 3.13.1-r1
  - pkg:apk/chainguard/python-3.13-tk: < 3.13.1-r1
  - pkg:apk/wolfi/python-3.12: < 3.12.8-r1
  - pkg:apk/wolfi/python-3.12-base: < 3.12.8-r1
  - pkg:apk/wolfi/python-3.12-base-dev: < 3.12.8-r1
  - pkg:apk/wolfi/python-3.12-dev: < 3.12.8-r1
  - pkg:apk/wolfi/python-3.12-doc: < 3.12.8-r1
  - pkg:apk/wolfi/python-3.12-privileged-netbindservice: < 3.12.8-r1
  - pkg:apk/wolfi/python-3.12-tk: < 3.12.8-r1
  - pkg:apk/wolfi/python-3.13: < 3.13.1-r1
  - pkg:apk/wolfi/python-3.13-base: < 3.13.1-r1
  - pkg:apk/wolfi/python-3.13-base-dev: < 3.13.1-r1
  - pkg:apk/wolfi/python-3.13-dev: < 3.13.1-r1
  - pkg:apk/wolfi/python-3.13-doc: < 3.13.1-r1
  - pkg:apk/wolfi/python-3.13-privileged-netbindservice: < 3.13.1-r1
  - pkg:apk/wolfi/python-3.13-tk: < 3.13.1-r1
  - pkg:bitnami/libpython: >= 3.12.0, < 3.12.9
  - pkg:bitnami/python: >= 3.12.0, < 3.12.9
  - pkg:bitnami/python-min: >= 3.12.0, < 3.12.9
  - pkg:rpm/almalinux/python3.12: < 3.12.5-2.el9_5.2
  - pkg:rpm/almalinux/python3.12-debug: < 3.12.5-2.el9_5.2
  - pkg:rpm/almalinux/python3.12-devel: < 3.12.5-2.el9_5.2
  - pkg:rpm/almalinux/python3.12-idle: < 3.12.5-2.el9_5.2
  - pkg:rpm/almalinux/python3.12-libs: < 3.12.5-2.el9_5.2
  - pkg:rpm/almalinux/python3.12-rpm-macros: < 3.12.8-1.el8_10
  - pkg:rpm/almalinux/python3.12-test: < 3.12.5-2.el9_5.2
  - pkg:rpm/almalinux/python3.12-tkinter: < 3.12.5-2.el9_5.2
  - pkg:rpm/opensuse/python312-core&distro=openSUSE%20Leap%2015.6: < 3.12.8-150600.3.12.1
  - pkg:rpm/opensuse/python312&distro=openSUSE%20Leap%2015.6: < 3.12.8-150600.3.12.1
  - pkg:rpm/opensuse/python312&distro=openSUSE%20Tumbleweed: < 3.12.8-1.1
  - pkg:rpm/opensuse/python312-documentation&distro=openSUSE%20Leap%2015.6: < 3.12.8-150600.3.12.1
  - pkg:rpm/opensuse/python313&distro=openSUSE%20Tumbleweed: < 3.13.1-1.1
  - pkg:rpm/opensuse/python-aiohttp&distro=openSUSE%20Tumbleweed: < 3.11.16-1.1
  - pkg:rpm/rocky-linux/python3.12?distro=rocky-linux-9&epoch=0: < 0:3.12.5-2.el9_5.2
  - pkg:rpm/suse/python312-core&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP6: < 3.12.8-150600.3.12.1
  - pkg:rpm/suse/python312&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP6: < 3.12.8-150600.3.12.1
  - pkg:rpm/suse/python313-core&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7: < 3.13.5-150700.4.11.1
  - pkg:rpm/suse/python313&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7: < 3.13.5-150700.4.11.1
References
- www.openwall.com/lists/oss-security/2024/12/06/1 (nvd)
- github.com/python/cpython/commit/71e8429ac8e2adc10084ab5ec29a62f4b6671a82 (nvd)
- github.com/python/cpython/commit/9aa0deb2eef2655a1029ba228527b152353135b5 (nvd)
- github.com/python/cpython/commit/e991ac8f2037d78140e417cc9a9486223eb3e786 (nvd)
- github.com/python/cpython/issues/127655 (nvd)
- github.com/python/cpython/pull/127656 (nvd)
- mail.python.org/archives/list/security-announce@python.org/thread/H4O3UBAOAQQXGT4RE3E4XQYR5XLROORB/ (nvd)
- security.netapp.com/advisory/ntap-20250404-0010/ (nvd)