Use-After-Free Vulnerability in PyO3 Could Lead to Memory Corruption or Crashes
CVE-2024-9979

5.3MEDIUM

Key Information:

Vendor
Red Hat
Status
Red Hat Ansible Automation Platform 2
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
Vendor
CVE Published:
15 October 2024

Summary

A flaw in PyO3 enables a use-after-free issue that can result in memory corruption or application crashes. This vulnerability stems from unsound borrowing from weak Python references, which could be exploited by attackers or inadvertently trigger instability in applications that rely on the affected library. Developers utilizing PyO3 should review their code for instances that may be influenced by this vulnerability and ensure they adopt the latest secure version to mitigate potential risks.

References

https://access.redhat.com/security/cve/CVE-2024-9979
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2318646
issue-trackingx_refsource_REDHAT
https://crates.io/crates/pyo3

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.