Search CVE reports



1 – 2 of 2 results


CVE-2024-5642

Low priority
Needs evaluation

CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see...

10 affected packages

python2.7, python3.10, python3.11, python3.12, python3.4...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.7 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
python3.10 Not in release Not affected Not in release
python3.11 Not in release Not affected Not in release
python3.12 Not affected Not in release Not in release
python3.4 Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Needs evaluation
python3.6 Not in release Not in release Not in release Needs evaluation
python3.7 Not in release Not in release Not in release Needs evaluation
python3.8 Not in release Not in release Not affected Not affected
python3.9 Not in release Not in release Needs evaluation

CVE-2024-5535

Low priority

Some fixes available 4 of 19

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
nodejs Not affected Vulnerable Not affected Needs evaluation Needs evaluation
openssl Fixed Fixed Fixed Needs evaluation Needs evaluation
openssl1.0 Not in release Not in release Not in release Needs evaluation