Open
Description
Bug report
Bug description:
OpenSSL prior to 3.3.2 had a defect in `SSL_select_next_proto` where invalid values (such as an empty list) would cause a buffer overread (see CVE-2024-5535). The issue can be fixed in CPython by not calling `SSL_select_next_proto` with an invalid value.
This is a low severity vulnerability in CPython and is tracked separately in CVE-2024-5642. CPython 3.10 and beyond removed support for NPN and thus aren't affected by this issue.
CPython versions tested on:
3.8, 3.9
Operating systems tested on:
No response
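
One way to express the "don't call it with an invalid value" guard described in the report, as an added example that is not CPython's actual patch and not code from this issue. The function names `proto_list_is_valid` and `safe_to_select` and the sample buffers are assumptions made for illustration; the check relies only on the NPN/ALPN wire format (a sequence of entries, each one length byte followed by that many bytes).

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample inputs in NPN/ALPN wire format. */
static const unsigned char SAMPLE_GOOD[] =
    { 2, 'h', '2', 8, 'h', 't', 't', 'p', '/', '1', '.', '1' };
static const unsigned char SAMPLE_TRUNCATED[] =
    { 2, 'h', '2', 8, 'h', 't', 't', 'p' };   /* claims 8 bytes, has 4 */
static const unsigned char SAMPLE_ZERO_ENTRY[] =
    { 2, 'h', '2', 0 };                       /* zero-length name */

/* Return 1 if buf is a well-formed, non-empty protocol list: one or more
 * entries, each a length byte in 1..255 followed by exactly that many
 * bytes, with nothing left over. Return 0 otherwise. */
int proto_list_is_valid(const unsigned char *buf, size_t len)
{
    size_t i = 0;

    if (buf == NULL || len == 0)
        return 0;                 /* the empty list named in the report */
    while (i < len) {
        size_t n = buf[i];
        if (n == 0)
            return 0;             /* empty protocol name */
        if (n > len - i - 1)
            return 0;             /* entry would run past the buffer end */
        i += 1 + n;
    }
    return 1;
}

/* Hypothetical gate for a caller: only when this returns 1 are both lists
 * in a form that is safe to hand to a protocol-selection routine. */
int safe_to_select(const unsigned char *server, size_t server_len,
                   const unsigned char *client, size_t client_len)
{
    return proto_list_is_valid(server, server_len) &&
           proto_list_is_valid(client, client_len);
}

int main(void)
{
    printf("good=%d empty=%d truncated=%d zero=%d\n",
           proto_list_is_valid(SAMPLE_GOOD, sizeof SAMPLE_GOOD),
           proto_list_is_valid(SAMPLE_GOOD, 0),
           proto_list_is_valid(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED),
           proto_list_is_valid(SAMPLE_ZERO_ENTRY, sizeof SAMPLE_ZERO_ENTRY));
    return 0;
}
```

When the gate fails, the caller skips the selection call and treats the handshake as having no negotiated protocol.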