# CVE-2024-12254 — CPython asyncio writelines() missing flow control (CWE-400/770)
# Vulnerable interpreter pinned to 3.12.8 (last release before the 3.12.9 fix).
# 3.12.8 is inside the affected range 3.12.0-3.12.8, on Debian (Linux) => SelectorEventLoop path.
FROM python:3.12.8-slim-bookworm

# No third-party packages required: the bug is in the CPython standard library
# (Lib/asyncio/selector_events.py), shipped with the interpreter itself.

WORKDIR /work

# Keep the container alive so the verifier/exploiter can `docker exec` into a
# version-pinned interpreter and run their own harness (own Protocol with
# pause_writing/resume_writing hooks + transport.get_write_buffer_size()).
CMD ["sleep", "infinity"]