8.2
CVE-2026-9669
- EPSS 0.43%
- Veröffentlicht 08.06.2026 22:01:15
- Zuletzt bearbeitet 07.07.2026 18:16:40
- Quelle cna@python.org
- CVE-Watchlists
- Unerledigt
bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow
bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerPython Software Foundation
≫
Produkt
CPython
Default Statusunaffected
Version
0
Version <
3.13.14
Status
affected
Version
3.14.0
Version <
3.14.6
Status
affected
Version
3.15.0a1
Version <
3.15.0b3
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.43% | 0.348 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@python.org | 8.2 | 0 | 0 |
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-121 Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
https://github.com/python/cpython/pull/150600
https://github.com/python/cpython/issues/150599
http://www.openwall.com/lists/oss-security/2026/06/08/17
https://github.com/python/cpython/commit/157a5df8cb5d82b33f918a7489e72ce95ceb12b6
https://github.com/python/cpython/commit/5755d0f083949ff3c5bf3a37e673e24e306b036e
https://github.com/python/cpython/commit/619a12b2e545391dc436b3af79dda22337382a6f
https://github.com/python/cpython/commit/d3ca26983dfbccdf609f24ff5877dc3118e4702d
https://github.com/python/cpython/commit/938ec030e90c5e53f1faac6fab1643f14e4f4a79
https://mail.python.org/archives/list/security-announce@python.org/thread/DBJZETMGUIFK7DVUWMOXHD3Z6IX2QPSX/