Medium severity6.5OSV Advisory· Published Jun 27, 2024· Updated Apr 15, 2026
CVE-2024-5642
CVE-2024-5642
Description
CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
134v0.9.8, v0.9.9, v1.0.1, …+ 1 more
- (no CPE)range: v0.9.8, v0.9.9, v1.0.1, …
- (no CPE)range: <=3.9
- osv-coords132 versionspkg:apk/chainguard/python-3.9pkg:apk/chainguard/python-3.9-basepkg:apk/chainguard/python-3.9-base-devpkg:apk/chainguard/python-3.9-devpkg:apk/chainguard/python-3.9-docpkg:bitnami/libpythonpkg:bitnami/pythonpkg:bitnami/python-minpkg:rpm/almalinux/python3pkg:rpm/almalinux/python39pkg:rpm/almalinux/python39-attrspkg:rpm/almalinux/python39-cffipkg:rpm/almalinux/python39-chardetpkg:rpm/almalinux/python39-cryptographypkg:rpm/almalinux/python39-Cythonpkg:rpm/almalinux/python39-debugpkg:rpm/almalinux/python39-develpkg:rpm/almalinux/python39-idlepkg:rpm/almalinux/python39-idnapkg:rpm/almalinux/python39-iniconfigpkg:rpm/almalinux/python39-libspkg:rpm/almalinux/python39-lxmlpkg:rpm/almalinux/python39-mod_wsgipkg:rpm/almalinux/python39-more-itertoolspkg:rpm/almalinux/python39-numpypkg:rpm/almalinux/python39-numpy-docpkg:rpm/almalinux/python39-numpy-f2pypkg:rpm/almalinux/python39-packagingpkg:rpm/almalinux/python39-pippkg:rpm/almalinux/python39-pip-wheelpkg:rpm/almalinux/python39-pluggypkg:rpm/almalinux/python39-plypkg:rpm/almalinux/python39-psutilpkg:rpm/almalinux/python39-psycopg2pkg:rpm/almalinux/python39-psycopg2-docpkg:rpm/almalinux/python39-psycopg2-testspkg:rpm/almalinux/python39-pypkg:rpm/almalinux/python39-pybind11pkg:rpm/almalinux/python39-pybind11-develpkg:rpm/almalinux/python39-pycparserpkg:rpm/almalinux/python39-PyMySQLpkg:rpm/almalinux/python39-pyparsingpkg:rpm/almalinux/python39-pysockspkg:rpm/almalinux/python39-pytestpkg:rpm/almalinux/python39-pyyamlpkg:rpm/almalinux/python39-requestspkg:rpm/almalinux/python39-rpm-macrospkg:rpm/almalinux/python39-scipypkg:rpm/almalinux/python39-setuptoolspkg:rpm/almalinux/python39-setuptools-wheelpkg:rpm/almalinux/python39-sixpkg:rpm/almalinux/python39-testpkg:rpm/almalinux/python39-tkinterpkg:rpm/almalinux/python39-tomlpkg:rpm/almalinux/python39-urllib3pkg:rpm/almalinux/python39-wcwidthpkg:rpm/almalinux/python39-wheelpkg:rpm/almalinux/python39-wheel-wheelpkg:rpm/almalinux/python3-debugpkg:rpm/almalinux/python3-develpkg:rpm/almalinux/python3-idlepkg:rpm/almalinux/python3-libspkg:rpm/almalinux/python3-testpkg:rpm/almalinux/python3-tkinterpkg:rpm/almalinux/python-unversioned-commandpkg:rpm/opensuse/python38&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python39-core&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/python39-core&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python39&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/python39&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python39&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python39-documentation&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/python39-documentation&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python3-core&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/python3-core&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python3-core&distro=openSUSE%20Leap%20Micro%205.5pkg:rpm/opensuse/python3&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/python3&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python3&distro=openSUSE%20Leap%20Micro%205.5pkg:rpm/opensuse/python3-documentation&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/python3-documentation&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/python36-core&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/python36-core&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/python36-core&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/python36&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/python36&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/python39-core&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/python39-core&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/python39-core&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP5pkg:rpm/suse/python39-core&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/python39-core&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/python39&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/python39&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/python39&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP5pkg:rpm/suse/python39&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/python39&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/python3-core&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/python3-core&distro=SUSE%20Manager%20Proxy%204.3pkg:rpm/suse/python3-core&distro=SUSE%20Manager%20Server%204.3pkg:rpm/suse/python3&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/python3&distro=SUSE%20Manager%20Proxy%204.3pkg:rpm/suse/python3&distro=SUSE%20Manager%20Server%204.3
< 3.9.25-r0+ 131 more
- (no CPE)range: < 3.9.25-r0
- (no CPE)range: < 3.9.25-r0
- (no CPE)range: < 3.9.25-r0
- (no CPE)range: < 3.9.25-r0
- (no CPE)range: < 3.9.25-r0
- (no CPE)range: < 3.9.24
- (no CPE)range: < 3.9.24
- (no CPE)range: < 3.9.24
- (no CPE)range: < 3.9.25-2.el9_7
- (no CPE)range: < 3.9.25-2.module_el8.10.0+4083+53cad1fb
- (no CPE)range: < 20.3.0-2.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 1.14.3-2.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 3.0.4-19.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 3.3.1-3.module_el8.10.0+3765+2f9a457d
- (no CPE)range: < 0.29.21-5.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 3.9.25-2.module_el8.10.0+4083+53cad1fb
- (no CPE)range: < 3.9.25-2.module_el8.10.0+4083+53cad1fb
- (no CPE)range: < 3.9.25-2.module_el8.10.0+4083+53cad1fb
- (no CPE)range: < 2.10-4.module_el8.10.0+3849+a48d89aa
- (no CPE)range: < 1.1.1-2.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 3.9.25-2.module_el8.10.0+4083+53cad1fb
- (no CPE)range: < 4.6.5-1.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 4.7.1-7.module_el8.10.0+3989+a618fe15.1
- (no CPE)range: < 8.5.0-2.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 1.19.4-3.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 1.19.4-3.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 1.19.4-3.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 20.4-4.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 20.2.4-9.module_el8.10.0+3765+2f9a457d
- (no CPE)range: < 20.2.4-9.module_el8.10.0+3765+2f9a457d
- (no CPE)range: < 0.13.1-3.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 3.11-10.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 5.8.0-4.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 2.8.6-3.module_el8.10.0+3765+2f9a457d
- (no CPE)range: < 2.8.6-3.module_el8.10.0+3765+2f9a457d
- (no CPE)range: < 2.8.6-3.module_el8.10.0+3765+2f9a457d
- (no CPE)range: < 1.10.0-1.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 2.7.1-1.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 2.7.1-1.module_el8.6.0+3248+c431e88c
- (no CPE)range: < 2.20-3.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 0.10.1-2.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 2.4.7-5.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 1.7.1-4.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 6.0.2-2.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 5.4.1-1.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 2.25.0-3.module_el8.9.0+3634+fb2a896c
- (no CPE)range: < 3.9.25-2.module_el8.10.0+4083+53cad1fb
- (no CPE)range: < 1.5.4-5.module_el8.9.0+3634+fb2a896c
- (no CPE)range: < 50.3.2-7.module_el8.10.0+4040+9207bbc0
- (no CPE)range: < 50.3.2-7.module_el8.10.0+4040+9207bbc0
- (no CPE)range: < 1.15.0-3.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 3.9.25-2.module_el8.10.0+4083+53cad1fb
- (no CPE)range: < 3.9.25-2.module_el8.10.0+4083+53cad1fb
- (no CPE)range: < 0.10.1-5.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 1.25.10-5.module_el8.10.0+3765+2f9a457d
- (no CPE)range: < 0.2.5-3.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 1:0.35.1-4.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 1:0.35.1-4.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 3.9.25-2.el9_7
- (no CPE)range: < 3.9.25-2.el9_7
- (no CPE)range: < 3.9.25-2.el9_7
- (no CPE)range: < 3.9.25-2.el9_7
- (no CPE)range: < 3.9.25-2.el9_7
- (no CPE)range: < 3.9.25-2.el9_7
- (no CPE)range: < 3.9.25-2.el9_7
- (no CPE)range: < 3.8.19-7.1
- (no CPE)range: < 3.9.19-150300.4.49.1
- (no CPE)range: < 3.9.19-150300.4.49.1
- (no CPE)range: < 3.9.19-150300.4.49.1
- (no CPE)range: < 3.9.19-150300.4.49.1
- (no CPE)range: < 3.9.19-6.1
- (no CPE)range: < 3.9.19-150300.4.49.1
- (no CPE)range: < 3.9.19-150300.4.49.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-64.1
- (no CPE)range: < 3.6.15-64.1
- (no CPE)range: < 3.6.15-64.1
- (no CPE)range: < 3.6.15-64.1
- (no CPE)range: < 3.6.15-64.1
- (no CPE)range: < 3.9.19-150300.4.49.1
- (no CPE)range: < 3.9.19-150300.4.49.1
- (no CPE)range: < 3.9.19-150300.4.49.1
- (no CPE)range: < 3.9.19-150300.4.49.1
- (no CPE)range: < 3.9.19-150300.4.49.1
- (no CPE)range: < 3.9.19-150300.4.49.1
- (no CPE)range: < 3.9.19-150300.4.49.1
- (no CPE)range: < 3.9.19-150300.4.49.1
- (no CPE)range: < 3.9.19-150300.4.49.1
- (no CPE)range: < 3.9.19-150300.4.49.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150000.3.158.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150000.3.158.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
- (no CPE)range: < 3.6.15-150300.10.72.1
Patches
Vulnerability mechanics
References
8- www.openwall.com/lists/oss-security/2024/06/28/4nvd
- github.com/python/cpython/commit/39258d3595300bc7b952854c915f63ae2d4b9c3envd
- github.com/python/cpython/commit/a2cdbb6e8188ba9ba8b356b28d91bff60e86fe31nvd
- github.com/python/cpython/issues/121227nvd
- github.com/python/cpython/pull/23014nvd
- jbp.io/2024/06/27/cve-2024-5535-openssl-memory-safety.htmlnvd
- mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/nvd
- security.netapp.com/advisory/ntap-20240726-0005/nvd
News mentions
0No linked articles in our index yet.