EXECUTIVE SUMMARY:
A high-severity vulnerability, CVE-2024-12254, affecting Python versions 3.12.0 and later has been disclosed. It stems from a flaw in the asyncio._SelectorSocketTransport.writelines() method: the write buffer is not paused and drained when it reaches its high-water mark, so memory use can grow without bound and exhaust system memory. The problem is specific to macOS and Linux systems that actively use the asyncio module's writelines(), which introduced zero-copy-on-write behavior in Python 3.12.0.
The vulnerability underscores the importance of applying back-pressure to I/O buffers and of thorough system protections.
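The following check is an added example and is not part of the advisory or of CPython. It builds a loopback socket pair with a deliberately slow reader, sends 1 MiB through an asyncio StreamWriter using write() followed by drain() (the path that honours the transport's high-water mark), and records the peak write-buffer size so a practitioner can confirm that the buffer stays bounded; chunk size, chunk count and the 64 KiB high-water mark are constructed values.

```python
"""Back-pressure check for an asyncio socket transport (added example)."""
import asyncio
import socket

CHUNK = b"x" * 4096          # constructed payload: 4 KiB per chunk
N_CHUNKS = 256               # 256 chunks = 1 MiB in total
HIGH_WATER = 64 * 1024       # constructed 64 KiB high-water mark for the transport


async def slow_reader(loop, sock, total):
    """Drain the peer socket slowly so the writer's buffer actually fills up."""
    received = 0
    while received < total:
        await asyncio.sleep(0.001)
        received += len(await loop.sock_recv(sock, 65536))


async def send_bounded(writer, chunks):
    """Send chunks with write()+drain(); write() pauses the protocol once the
    buffer exceeds the high-water mark and drain() waits for it to empty.
    Returns the largest write-buffer size observed during the transfer."""
    peak = 0
    for chunk in chunks:
        writer.write(chunk)
        peak = max(peak, writer.transport.get_write_buffer_size())
        await writer.drain()
    return peak


async def run_check():
    loop = asyncio.get_running_loop()
    a, b = socket.socketpair()          # a: writer side, b: slow reader side
    a.setblocking(False)
    b.setblocking(False)
    reader = asyncio.create_task(slow_reader(loop, b, len(CHUNK) * N_CHUNKS))
    _, writer = await asyncio.open_connection(sock=a)
    writer.transport.set_write_buffer_limits(high=HIGH_WATER)
    peak = await send_bounded(writer, [CHUNK] * N_CHUNKS)
    await reader
    writer.close()
    await writer.wait_closed()
    b.close()
    return peak


def peak_buffer_with_backpressure():
    """Peak buffer size; with back-pressure it never exceeds HIGH_WATER + one chunk."""
    return asyncio.run(run_check())
```

Replacing the write()+drain() loop with a single writelines() call and re-running the check on an affected interpreter is how to observe the unbounded growth the advisory describes; on a patched interpreter both paths stay within the limit.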
RECOMMENDATION:
We strongly recommend updating CPython to version 3.13 or the latest available version.
REFERENCES:
The following reports contain further technical details:
https://cybersecuritynews.com/python-vulnerability/