What is the severity of REDHAT-BUG-2330804?

The severity of REDHAT-BUG-2330804 is considered significant due to the potential impact on network communication in applications using Python 3.12.0.

How do I fix REDHAT-BUG-2330804?

To fix REDHAT-BUG-2330804, you should update Python to a version that contains the necessary patches addressing this issue.

What systems are affected by REDHAT-BUG-2330804?

REDHAT-BUG-2330804 affects systems running Python version 3.12.0 and later.

What functionality is impacted by REDHAT-BUG-2330804?

The writelines() method in asyncio._SelectorSocketTransport is impacted, which fails to properly signal when the write buffer is full.

Is there a workaround for REDHAT-BUG-2330804?

Currently, there is no known effective workaround for REDHAT-BUG-2330804 aside from upgrading to a patched version.

Vulnerability/
REDHAT-BUG-2330804

high

6/12/2024

13/12/2024

REDHAT-BUG-2330804

First published: Fri Dec 06 2024(Updated: )

Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer potentially leading to memory exhaustion. This vulnerability likely impacts a small number of users, you must be using Python 3.12.0 or later, on macOS or Linux, using the asyncio module with protocols, and using .writelines() method which had new zero-copy-on-write behavior in Python 3.12.0 and later. If not all of these factors are true then your usage of Python is unaffected.

Affected Software	Affected Version	How to fix
Python Babel Localedata	>=3.12.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of REDHAT-BUG-2330804?
The severity of REDHAT-BUG-2330804 is considered significant due to the potential impact on network communication in applications using Python 3.12.0.
How do I fix REDHAT-BUG-2330804?
To fix REDHAT-BUG-2330804, you should update Python to a version that contains the necessary patches addressing this issue.
What systems are affected by REDHAT-BUG-2330804?
REDHAT-BUG-2330804 affects systems running Python version 3.12.0 and later.
What functionality is impacted by REDHAT-BUG-2330804?
The writelines() method in asyncio._SelectorSocketTransport is impacted, which fails to properly signal when the write buffer is full.
Is there a workaround for REDHAT-BUG-2330804?
Currently, there is no known effective workaround for REDHAT-BUG-2330804 aside from upgrading to a patched version.

agent/severity
agent/type
agent/description
agent/first-publish-date
agent/event
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2024-12254
agent/last-modified-date
agent/references
agent/trending
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/python
canonical/python babel localedata

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.