๐Ÿ” CVE Alert

CVE-2026-3298

UNKNOWN 0.0

Out-of-bounds write in Windows asyncio.ProactorEventLoop.sock_recvfrom_into() when using nbytes

CVSS Score 0.0
EPSS Score 0.0%
EPSS Percentile 0th

The method "sock_recvfrom_into()" of "asyncio.ProactorEventLoop" (Windows only) was missing a boundary check for the data buffer when the nbytes parameter was used. This allowed an out-of-bounds buffer write if the data was larger than the buffer size. Non-Windows platforms are not affected.

CWE CWE-787
Vendor python software foundation
Product cpython
Published Apr 21, 2026
Last Updated Apr 21, 2026

Affected Versions

Python Software Foundation / CPython
3.11.0 < 3.15.0

References

github.com: https://github.com/python/cpython/pull/148809
github.com: https://github.com/python/cpython/issues/148808
mail.python.org: https://mail.python.org/archives/list/[email protected]/thread/KWTPIQBOOOUNQP7UFSLBI437NJDFLA3F/

Credits

๐Ÿ” GGAutomaton (https://github.com/GGAutomaton) Victor Stinner (https://github.com/vstinner) Seth Larson (https://github.com/sethmlarson)