vulnerability

Huawei EulerOS: CVE-2024-3219: python3 security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:L/AC:M/Au:N/C:C/I:N/A:C)	Jul 29, 2024	Dec 12, 2024	Aug 13, 2025

Severity

CVSS

(AV:L/AC:M/Au:N/C:C/I:N/A:C)

Published

Jul 29, 2024

Added

Dec 12, 2024

Modified

Aug 13, 2025

Description

The
“socket” module provides a pure-Python fallback to the
socket.socketpair() function for platforms that don’t support AF_UNIX,
such as Windows. This pure-Python implementation uses AF_INET or
AF_INET6 to create a local connected pair of sockets. The connection
between the two sockets was not verified before passing the two sockets
back to the user, which leaves the server socket vulnerable to a
connection race from a malicious local peer.

Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.

Solutions

huawei-euleros-2_0_sp11-upgrade-python3huawei-euleros-2_0_sp11-upgrade-python3-unversioned-command

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today