An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. https://github.com/python/cpython/issues/105987
If you can call an arbirtary function, there are many ways to get sensitive information. Is there any relevant situation where an attacker can call _asyncio._swap_current_task specifically, but not an arbitrary function?
Created python3.12 tracking bugs for this issue: Affects: fedora-all [bug 2234375]
(In reply to Petr Viktorin from comment #2) > If you can call an arbirtary function, there are many ways to get sensitive > information. > > Is there any relevant situation where an attacker can call > _asyncio._swap_current_task specifically, but not an arbitrary function? The needinfo on this question was removed without an answer or justification. Reinstating that.
In reply to comment #4: > (In reply to Petr Viktorin from comment #2) > > If you can call an arbirtary function, there are many ways to get sensitive > > information. > > > > Is there any relevant situation where an attacker can call > > _asyncio._swap_current_task specifically, but not an arbitrary function? > > The needinfo on this question was removed without an answer or > justification. Reinstating that. Meant to redirect this needinfo request to the main analyst for this task, sorry about that.
This CVE is not assigned by RED HAT, as well our shipped product was not affected by this CVE.