{
  "threat_severity" : "Important",
  "public_date" : "2024-12-06T15:19:41Z",
  "bugzilla" : {
    "description" : "python: Unbounded memory buffering in SelectorSocketTransport.writelines()",
    "id" : "2330804",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2330804"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-770",
  "details" : [ "Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines()\nmethod would not \"pause\" writing and signal to the Protocol to drain \nthe buffer to the wire once the write buffer reached the \"high-water \nmark\". Because of this, Protocols would not periodically drain the write\nbuffer potentially leading to memory exhaustion.\nThis\nvulnerability likely impacts a small number of users, you must be using\nPython 3.12.0 or later, on macOS or Linux, using the asyncio module \nwith protocols, and using .writelines() method which had new \nzero-copy-on-write behavior in Python 3.12.0 and later. If not all of \nthese factors are true then your usage of Python is unaffected.", "A flaw was found in Python. In certain configurations, the `asyncio._SelectorSocketTransport.writelines()` method fails to signal the protocol to clear the write buffer when it approaches capacity. Because of this, protocols would not periodically drain the write buffer, potentially leading to a denial of service via memory exhaustion." ],
  "statement" : "This vulnerability likely impacts a small number of users. You must be using Python 3.12.0 or later, on Linux, using the asyncio module with protocols, and using .writelines() method which had new zero-copy-on-write behavior in Python 3.12.0 and later. If not all of these factors are true, then your usage of Python is unaffected.\nThis vulnerability is rated with an Important severity due to its potential for denial of service (DoS) attacks through memory exhaustion. By failing to signal the protocol to drain the write buffer when approaching the high-water mark, the affected `asyncio._SelectorSocketTransport.writelines()` method introduces a important flaw in flow control. This flaw can lead to uncontrolled growth of the buffer in long-running or high-throughput applications, which are typical in networked systems or event-driven architectures. Given that `asyncio` is widely used in performance-critical Python applications for handling asynchronous I/O, the impact of memory exhaustion could destabilize services, compromise system availability, and increase the risk of cascading failures, especially in production environments handling large-scale or untrusted inputs.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-12-12T00:00:00Z",
    "advisory" : "RHSA-2024:10980",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "python3.12-0:3.12.8-1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-12-12T00:00:00Z",
    "advisory" : "RHSA-2024:10978",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "python3.12-0:3.12.5-2.el9_5.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2024-12-13T00:00:00Z",
    "advisory" : "RHSA-2024:11035",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "python3.12-0:3.12.1-4.el9_4.5"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Affected",
    "package_name" : "python3.12",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "python",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "python",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "python3",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "gimp:flatpak/python2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "python3",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "python3.11",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "python36:3.6/python36",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "python39:3.9/python39",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "python39-devel:3.9/python39",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "python3.11",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "python3.9",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/bootc-amd-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/bootc-azure-nvidia-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/bootc-nvidia-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-12254\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-12254\nhttps://github.com/python/cpython/issues/127655\nhttps://github.com/python/cpython/pull/127656\nhttps://mail.python.org/archives/list/security-announce@python.org/thread/H4O3UBAOAQQXGT4RE3E4XQYR5XLROORB/" ],
  "name" : "CVE-2024-12254",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}