What is the severity of CVE-2024-3220?

The CVE-2024-3220 vulnerability is considered a medium severity issue due to potential exploitation affecting Python runtime stability.

Which versions of CPython are affected by CVE-2024-3220?

CVE-2024-3220 affects multiple versions of CPython on Windows where known file locations are writable.

How do I fix CVE-2024-3220?

To mitigate CVE-2024-3220, ensure that the default writable list of file locations used by the mimetypes module is properly secured or updated.

What kind of attack is possible with CVE-2024-3220?

Exploiting CVE-2024-3220 could allow attackers to create invalid files that trigger MemoryError upon CPython startup.

Is the CVE-2024-3220 vulnerability specific to Windows?

Yes, CVE-2024-3220 specifically impacts CPython running on the Windows operating system.

Vulnerability/
CVE-2024-3220

low

2.3

CWE

426

14/2/2025

CVE-2024-3220: Default mimetype known files writeable on Windows

First published: Fri Feb 14 2025(Updated: )

There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the incorrect file type. This defect is caused by the default locations of Linux and macOS platforms (such as “/etc/mime.types”) also being used on Windows, where they are user-writable locations (“C:\etc\mime.types”). To work-around this issue a user can call mimetypes.init() with an empty list (“[]”) on Windows platforms to avoid using the default list of known file locations.

Credit: cna@python.org

Affected Software	Affected Version	How to fix
CPython

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-3220?
The CVE-2024-3220 vulnerability is considered a medium severity issue due to potential exploitation affecting Python runtime stability.
Which versions of CPython are affected by CVE-2024-3220?
CVE-2024-3220 affects multiple versions of CPython on Windows where known file locations are writable.
How do I fix CVE-2024-3220?
To mitigate CVE-2024-3220, ensure that the default writable list of file locations used by the mimetypes module is properly secured or updated.
What kind of attack is possible with CVE-2024-3220?
Exploiting CVE-2024-3220 could allow attackers to create invalid files that trigger MemoryError upon CPython startup.
Is the CVE-2024-3220 vulnerability specific to Windows?
Yes, CVE-2024-3220 specifically impacts CPython running on the Windows operating system.

collector/mitre-cve
source/MITRE
agent/references
agent/title
agent/weakness
agent/description
agent/type
agent/first-publish-date
collector/oss-sec
source/oss-sec
alias/CVE-2024-3220
agent/severity
agent/last-modified-date
agent/source
agent/author
agent/event
agent/guess-ai
agent/software-canonical-lookup
agent/tags
agent/softwarecombine
collector/nvd-api
source/NVD
vendor/python software foundation
canonical/cpython

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.