Use-After-Free Vulnerability in Python Affects Multiple Versions
CVE-2022-48560

7.5HIGH

Key Information:

Vendor: Python
Status: Python
Vendor: CVE Published:; 22 August 2023

Summary

A use-after-free vulnerability has been identified in Python, which affects versions up to and including 3.9. The issue arises from improper handling within the 'heappushpop' function in the 'heapq' module, allowing an attacker to exploit memory management flaws. This could lead to potentially harmful program behavior, including application crashes or unintended memory access, thereby compromising system integrity.

References

https://bugs.python.org/issue39421

https://lists.debian.org/debian-lts-announce/2023/09/msg0...

mailing-list

https://security.netapp.com/advisory/ntap-20230929-0008/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 22, 2023
Vulnerability Reserved
Jul 23, 2023