Aikido Intel
Secure My Code
Intel

AIKIDO-2025-10092

kafka-python is vulnerable to Race Condition

Race ConditionCVE-2024-3219 Published Feb 13, 2025

25

Low Risk

This Affects:

pythonkafka-python
0.9.0 - 2.0.2
Fixed in 2.0.3
Are you affected? Scan for Free

TL;DR

Affected versions of the package are vulnerable to a race condition. The socket module provides a pure-Python fallback to the socket.socketpair() function for platforms that do not support AF_UNIX, such as Windows. This implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. However, the connection between the two sockets is not verified before returning them to the user, leaving the server socket vulnerable to a connection race from a malicious local peer.

Who does this affect?

You are affected if you are using a version which is within vulnerability ranges and if you are using Windows OS.

Background info

kafka-python is vulnerable to Race Condition in versions 0.9.0 - 2.0.2.

How to fix this

Upgrade the kafka-python library to the patch version.

Links

Fix Commits

github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20
https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20
github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2
https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2
github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c
https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c
github.com/python/cpython/commit/2621a8a40ba4b2c68ca564671b7daa5da80a4508
https://github.com/python/cpython/commit/2621a8a40ba4b2c68ca564671b7daa5da80a4508
github.com/python/cpython/commit/31302f5fc24eecd693f0c8aaba7c2840b09b594d
https://github.com/python/cpython/commit/31302f5fc24eecd693f0c8aaba7c2840b09b594d
github.com/python/cpython/commit/3f5d9d12c74787fbf3f5891835c85cc15526c86d
https://github.com/python/cpython/commit/3f5d9d12c74787fbf3f5891835c85cc15526c86d
github.com/python/cpython/commit/5df322e91a40909e6904bbdbc0c3a6b6a9eead39
https://github.com/python/cpython/commit/5df322e91a40909e6904bbdbc0c3a6b6a9eead39
github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929
https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929
github.com/python/cpython/commit/78df1043dbdce5c989600616f9f87b4ee72944e5
https://github.com/python/cpython/commit/78df1043dbdce5c989600616f9f87b4ee72944e5
github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54
https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54
github.com/python/cpython/commit/c21a36112a0028d7ac3cf8f480e0dc88dba5922c
https://github.com/python/cpython/commit/c21a36112a0028d7ac3cf8f480e0dc88dba5922c
github.com/python/cpython/commit/c5655aa6ad120d2ed7f255bebd6e8b71a9c07dde
https://github.com/python/cpython/commit/c5655aa6ad120d2ed7f255bebd6e8b71a9c07dde
github.com/python/cpython/commit/e319f774f9e766a2b92949444a2d46081df3363a
https://github.com/python/cpython/commit/e319f774f9e766a2b92949444a2d46081df3363a
github.com/python/cpython/commit/f071f01b7b7e19d7d6b3a4b0ec62f820ecb14660
https://github.com/python/cpython/commit/f071f01b7b7e19d7d6b3a4b0ec62f820ecb14660

Are You Affected?

Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.

Scan for Free
Book a Demo

Free. No credit card required.

Aikido Platform
Subscribe
Stay up to date with all updates
LinkedIn YouTube X
© 2026 Aikido Security BV | BE0792914919
Ghent, Belgium | San Francisco, US
SOC 2SOC 2Compliant
ISO 27001ISO 27001Compliant
Get Security Done