Update OSV records from CVE

advisories/python/PSF-0000-CVE-2024-12254.json

@@ -0,0 +1,42 @@
+{
+  "schema_version": "1.5.0",
+  "id": "PSF-0000-CVE-2024-12254",
+  "aliases": [
+    "CVE-2024-12254"
+  ],
+  "published": "2024-12-06T15:19:41.576Z",
+  "modified": "2024-12-06T15:19:41.576Z",
+  "details": "Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines()\n method would not \"pause\" writing and signal to the Protocol to drain \nthe buffer to the wire once the write buffer reached the \"high-water \nmark\". Because of this, Protocols would not periodically drain the write\n buffer potentially leading to memory exhaustion.\n\n\n\n\n\nThis\n vulnerability likely impacts a small number of users, you must be using\n Python 3.12.0 or later, on macOS or Linux, using the asyncio module \nwith protocols, and using .writelines() method which had new \nzero-copy-on-write behavior in Python 3.12.0 and later. If not all of \nthese factors are true then your usage of Python is unaffected.",
+  "affected": [
+    {
+      "ranges": [
+        {
+          "type": "GIT",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ],
+          "repo": "https://github.com/python/cpython"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "REPORT",
+      "url": "https://github.com/python/cpython/issues/127655"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/python/cpython/pull/127656"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://mail.python.org/archives/list/[email protected]/thread/H4O3UBAOAQQXGT4RE3E4XQYR5XLROORB/"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": []
+  }
+}