CVE-2024-12254 - python 3.12 in current NCPA distribution

Posted: Thu Dec 19, 2024 5:29 pm
by Velocity Electronics
The latest version of NCPA (3.1.1) includes Python 3.12.6, which falls into the CVE-2024-12254 vulnerability list. There needs to be a new version released that has Python of at least version 3.14.0a2.

Re: CVE-2024-12254 - python 3.12 in current NCPA distribution

Posted: Thu Dec 19, 2024 5:57 pm
by danderson
Thanks for reaching out,

I believe the references to the writelines function in NCPA are actually this and not this, which is the method that CVE is about. So I don't believe this applies. I wouldn't want to upgrade to a Development version anyway.

Re: CVE-2024-12254 - python 3.12 in current NCPA distribution

Posted: Thu Dec 26, 2024 12:11 pm
by Velocity Electronics
Agreed, can't use a pre-release, but when a patched version is generally available, it should be incorporated in a new NCPA release.

Re: CVE-2024-12254 - python 3.12 in current NCPA distribution

Posted: Thu Dec 26, 2024 5:06 pm
by bbahn
Hello @Velocity Electronics,

We will be updating the NCPA build process to utilize the latest available version of Python that we can build with as soon as possible.