CVE-2024-3219: 
Python Interpreter vulnerability analysis and mitigation

The "socket" module in CPython contains a MEDIUM severity vulnerability (CVE-2024-3219) affecting its pure-Python fallback implementation of socket.socketpair() function. This vulnerability was discovered in July 2024 and affects platforms that don't support AF_UNIX, such as Windows. The vulnerability exists because the connection between two sockets was not verified before passing them back to the user (Python Security, NVD).

The vulnerability exists in the pure-Python fallback implementation that uses AFINET or AFINET6 to create a local connected pair of sockets. The implementation failed to authenticate that the connection was from the expected peer process before returning the socket pair to the user. This implementation is only used on platforms that don't support AF_UNIX sockets. The vulnerability has been assigned a CVSS v4.0 Base Score of 5.1 (MEDIUM) with vector string CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N (NVD).

The vulnerability leaves the server socket vulnerable to a connection race condition from a malicious local peer. This could potentially allow an attacker to intercept the socket connection intended for the legitimate peer process (Python Security).

The issue has been fixed by implementing authentication of the socket connection using getsockname() and getpeername() to verify that the connected peer is the expected one. The fix has been backported to affected versions of Python (GitHub PR).