2 matches found
GHSA-F8X4-F32R-W556 Duplicate Advisory: PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6jgw-rgmm-7cv6. This link is maintained to preserve external references. Original Advisory The family of functions to read "borrowed" values from Python weak references were fundamentally unsound, because the we...
PT-2024-40267 · Pypi · Pyo3
Name of the Vulnerable Software and Affected Versions: PyO3 versions prior to 0.23 Description: The issue concerns a family of functions in PyO3 that read "borrowed" values from Python weak references. These functions were fundamentally unsound because the weak reference does not have ownership o...