vulnerability

SUSE: CVE-2024-12254: SUSE Linux Security Advisory

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	2024-12-06	2025-01-09	2025-02-18

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

2024-12-06

Added

2025-01-09

Modified

2025-02-18

Description

Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines()
method would not "pause" writing and signal to the Protocol to drain
the buffer to the wire once the write buffer reached the "high-water
mark". Because of this, Protocols would not periodically drain the write
buffer potentially leading to memory exhaustion.

This
vulnerability likely impacts a small number of users, you must be using
Python 3.12.0 or later, on macOS or Linux, using the asyncio module
with protocols, and using .writelines() method which had new
zero-copy-on-write behavior in Python 3.12.0 and later. If not all of
these factors are true then your usage of Python is unaffected.

Solution(s)

suse-upgrade-libpython3_12-1_0suse-upgrade-libpython3_12-1_0-32bitsuse-upgrade-python312suse-upgrade-python312-32bitsuse-upgrade-python312-basesuse-upgrade-python312-base-32bitsuse-upgrade-python312-cursessuse-upgrade-python312-dbmsuse-upgrade-python312-develsuse-upgrade-python312-docsuse-upgrade-python312-doc-devhelpsuse-upgrade-python312-idlesuse-upgrade-python312-testsuitesuse-upgrade-python312-tksuse-upgrade-python312-tools

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today