PyPI: python

CVE-2024-0397

Safety vulnerability ID: SFTY-20240617-90108

Safety legacy ID: pyup.io-71775

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory configured.

PythonPyPINVDNVD
Created at: Nov 5, 2025Updated at: Nov 5, 2025

Overview

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory configured.

Advisory

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory configured.

Affected Package

Affecting python package, versions
<3.10.14
>=3.11.0a0,<3.11.9
>=3.12.0a0,<3.12.3
>=3.13.0a0,<3.13.0a5

Also affects

---

How to Fix

We recommend updating python to the latest non-vulnerable version.

Mitigation and Workarounds

---

Vulnerable Functions

Functions linked to known vulnerabilities.

Vulnerable function data is available for Enterprise customers

Book a call with us to see Safety in action.

References

Safety

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.

Learn more