
Description

The method "sock_recvfrom_into()" of "asyncio.ProactorEventLoop" (Windows only) was missing a boundary check for the data buffer when the nbytes parameter was used. This allowed an out-of-bounds buffer write if the data was larger than the buffer size. Non-Windows platforms are not affected.

PUBLISHED Reserved 2026-02-26 | Published 2026-04-21 | Updated 2026-04-21 | Assigner PSF




HIGH: 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-787 Out-of-bounds write

Product status

Default status: unaffected

3.11.0 (python) before 3.15.0: affected

Credits

GGAutomaton (https://github.com/GGAutomaton) reporter

Victor Stinner (https://github.com/vstinner) remediation reviewer

Seth Larson (https://github.com/sethmlarson) coordinator

References

github.com/python/cpython/pull/148809 patch

github.com/python/cpython/issues/148808 issue-tracking

mail.python.org/.../thread/KWTPIQBOOOUNQP7UFSLBI437NJDFLA3F/ vendor-advisory

github.com/...ommit/1274766d3c29007ab77245a72abbf8dce2a9db4d patch

github.com/...ommit/27522b7d6e6588f03e61099dd858cd5a9314e2f2 patch

github.com/...ommit/95633d2aad4721e25e4dfd9f43dfb6e1edcbd741 patch

cve.org (CVE-2026-3298)

nvd.nist.gov (CVE-2026-3298)
