{"uuid": "8d2f5f37-6109-442a-a5cb-d0bece4dae42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12254", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10589", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12254\n\ud83d\udd25 CVSS Score: 8.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not \"pause\" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the \"high-water mark\". Because of this, Protocols would not periodically drain the write buffer potentially leading to memory exhaustion.\n\nThis vulnerability likely impacts a small number of users, you must be using Python 3.12.0 or later, on macOS or Linux, using the asyncio module with protocols, and using .writelines() method which had new zero-copy-on-write behavior in Python 3.12.0 and later. If not all of these factors are true then your usage of Python is unaffected.\n\ud83d\udccf Published: 2024-12-06T15:19:41.576Z\n\ud83d\udccf Modified: 2025-04-04T23:03:00.653Z\n\ud83d\udd17 References:\n1. https://github.com/python/cpython/issues/127655\n2. https://github.com/python/cpython/pull/127656\n3. https://mail.python.org/archives/list/security-announce@python.org/thread/H4O3UBAOAQQXGT4RE3E4XQYR5XLROORB/\n4. https://github.com/python/cpython/commit/71e8429ac8e2adc10084ab5ec29a62f4b6671a82\n5. https://github.com/python/cpython/commit/9aa0deb2eef2655a1029ba228527b152353135b5\n6. https://github.com/python/cpython/commit/e991ac8f2037d78140e417cc9a9486223eb3e786", "creation_timestamp": "2025-04-04T23:37:53.000000Z"}