Lucene search
K

22 matches found

OSV
OSV
added 4 days ago5 views

BIT-PYTHON-MIN-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure

Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...

9.1CVSS5.7AI score0.00579EPSS
Exploits0References54
OSV
OSV
added 4 days ago2 views

BIT-LIBPYTHON-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure

Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...

9.1CVSS5.7AI score0.00579EPSS
Exploits0References54
RedHat Linux
RedHat Linux
added 2026/06/16 7:53 a.m.7 views

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

9.1CVSS6.3AI score0.00579EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2026/05/20 11:36 a.m.10 views

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

9.1CVSS7.7AI score0.00579EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2026/05/20 11:27 a.m.11 views

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

9.1CVSS7.7AI score0.00579EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2026/05/20 10:23 a.m.13 views

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

9.1CVSS7.7AI score0.00579EPSS
Exploits0References10
OSV
OSV
added 2026/05/13 9:7 a.m.13 views

CLSA-2026-1778147559 python3.11: Fix of CVE-2026-6100

CVE-2026-6100: fix possible use-after-free in bz2 and lzma decompressors...

9.1CVSS5.8AI score0.00579EPSS
Exploits0References1
OSV
OSV
added 2026/05/05 12:13 a.m.18 views

CLSA-2026-1777940008 python3: Fix of CVE-2026-6100

CVE-2026-6100: clear dangling nextin pointer on MemoryError in bz2/lzma decompressors to avoid use-after-free on instance reuse...

9.1CVSS6AI score0.00579EPSS
Exploits0References1
OSV
OSV
added 2026/04/30 5:21 p.m.11 views

CLSA-2026-1777569671 python3: Fix of CVE-2026-6100

CVE-2026-6100: clear dangling nextin pointer on MemoryError in bz2/lzma decompressors to avoid use-after-free on instance reuse...

9.1CVSS6AI score0.00579EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2026/04/27 12:0 a.m.2 views

The vulnerabilities of the functions lzma.LZMADecompressor(), bz2.BZ2Decompressor(), and gzip.GzipFile() in the Python programming language (CPython) allow a malicious actor to trigger a service denial.

The vulnerability of the bytes.decode function in the CPython interpreter relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

8.7CVSS6.1AI score0.00579EPSS
Exploits0References8Affected Software2
OSV
OSV
added 2026/04/25 5:51 a.m.11 views

OESA-2026-2115 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

9.1CVSS5.5AI score0.00579EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.4 views

FreeBSD : Python -- use-after-free vulnerability in decompressors under memory pressure (b8e9f33c-375d-11f1-a119-e36228bfe7d4)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b8e9f33c-375d-11f1-a119-e36228bfe7d4 advisory. Seth Larson reports: There is a CRITICAL severity vulnerability affecting CPython. Use-after-free UAF w...

9.1CVSS5.7AI score0.00579EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/14 11:30 p.m.8 views

SUSE CVE-2026-6100

Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...

8.1CVSS5.8AI score0.00579EPSS
Exploits0References24
RedhatCVE
RedhatCVE
added 2026/04/13 9:5 p.m.8 views

CVE-2026-6100

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

9.1CVSS6AI score0.00579EPSS
Exploits0References9
EUVD
EUVD
added 2026/04/13 6:30 p.m.7 views

EUVD-2026-22028

Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...

9.1CVSS5.8AI score0.00579EPSS
Exploits0References7
NVD
NVD
added 2026/04/13 6:16 p.m.7 views

CVE-2026-6100

Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...

9.1CVSS0.00579EPSS
Exploits0References53
UbuntuCve
UbuntuCve
added 2026/04/13 6:16 p.m.5 views

CVE-2026-6100

Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...

9.1CVSS5.8AI score0.00579EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/04/13 5:15 p.m.49 views

CVE-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure

Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...

9.1CVSS0.00579EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2026/04/13 5:15 p.m.5 views

CVE-2026-6100

Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...

9.1CVSS5.3AI score0.00579EPSS
Exploits0
CVE
CVE
added 2026/04/13 5:15 p.m.180 views

CVE-2026-6100

CVE-2026-6100 affects Python’s decompression modules: at least the in-process reuse of decompressor instances in lzma.LZMADecompressor , bz2.BZ2Decompressor , and gzip.GzipFile can lead to a Use-After-Free (UAF) if a memory allocation fails with a MemoryError and the decompressor is reused. The i...

9.1CVSS5.8AI score0.00579EPSS
Exploits0References53
Rows per page
Query Builder