{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T17:25:22.804","vulnerabilities":[{"cve":{"id":"CVE-2024-5642","sourceIdentifier":"cna@python.org","published":"2024-06-27T21:15:16.070","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"CPython 3.9 and earlier doesn't disallow configuring an empty list (\"[]\") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured)."},{"lang":"es","value":"CPython 3.9 y versiones anteriores no permiten la configuración de una lista vacía (\"[]\") para SSLContext.set_npn_protocols(), que es un valor no válido para la API OpenSSL subyacente. Esto da como resultado una lectura excesiva del búfer cuando se utiliza NPN (consulte CVE-2024-5535 para OpenSSL). Esta vulnerabilidad es de baja gravedad debido a que NPN no se usa ampliamente y especificar una lista vacía probablemente sea poco común en la práctica (normalmente se configuraría un nombre de protocolo)."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}]},"references":[{"url":"http://www.openwall.com/lists/oss-security/2024/06/28/4","source":"cna@python.org"},{"url":"https://github.com/python/cpython/commit/39258d3595300bc7b952854c915f63ae2d4b9c3e","source":"cna@python.org"},{"url":"https://github.com/python/cpython/commit/a2cdbb6e8188ba9ba8b356b28d91bff60e86fe31","source":"cna@python.org"},{"url":"https://github.com/python/cpython/issues/121227","source":"cna@python.org"},{"url":"https://github.com/python/cpython/pull/23014","source":"cna@python.org"},{"url":"https://jbp.io/2024/06/27/cve-2024-5535-openssl-memory-safety.html","source":"cna@python.org"},{"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/","source":"cna@python.org"},{"url":"https://security.netapp.com/advisory/ntap-20240726-0005/","source":"cna@python.org"},{"url":"http://www.openwall.com/lists/oss-security/2024/06/28/4","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/python/cpython/commit/39258d3595300bc7b952854c915f63ae2d4b9c3e","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/python/cpython/issues/121227","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/python/cpython/pull/23014","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://jbp.io/2024/06/27/cve-2024-5535-openssl-memory-safety.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20240726-0005/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}