5.9
CVE-2025-4516
- EPSS 0.17%
- Veröffentlicht 15.05.2025 13:29:20
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle cna@python.org
- CVE-Watchlists
- Unerledigt
Use-after-free in "unicode_escape" decoder with error handler
There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerPython Software Foundation
≫
Produkt
CPython
Default Statusunaffected
Version
0
Version <
3.10.18
Status
affected
Version
3.11.0
Version <
3.11.13
Status
affected
Version
3.12.0
Version <
3.12.11
Status
affected
Version
3.13.0
Version <
3.13.4
Status
affected
Version
3.14.0a1
Version <
3.14.0b2
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.067 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@python.org | 5.9 | 0 | 0 |
CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://github.com/python/cpython/issues/133767
https://github.com/python/cpython/pull/129648
https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/
https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142
https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e
http://www.openwall.com/lists/oss-security/2025/05/16/4
http://www.openwall.com/lists/oss-security/2025/05/19/1
https://github.com/python/cpython/commit/4398b788ffc1f954a2c552da285477d42a571292
https://github.com/python/cpython/commit/6279eb8c076d89d3739a6edb393e43c7929b429d
https://github.com/python/cpython/commit/73b3040f592436385007918887b7e2132aa8431f
https://github.com/python/cpython/commit/8d35fd1b34935221aff23a1ab69a429dd156be77
https://github.com/python/cpython/commit/ab9893c40609935e0d40a6d2a7307ea51aec598b