Bug 2457932 (CVE-2026-6100)
| Summary: | CVE-2026-6100 python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | bbrownin, dfreiber, drow, jburrell, rhel-process-autobot, surdu.dumitru.alexandru, vkumar, watson-tool-maintainers |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in Python's decompression modules, including `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile`. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is experiencing high memory usage. Exploitation of this flaw could potentially allow an attacker to execute arbitrary code or access sensitive data. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2458008, 2458009, 2458010, 2458012, 2458015, 2458011, 2458013, 2458014, 2458016, 2458017, 2458018, 2458019 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-04-13 18:01:55 UTC
Any POC available? This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:10711 https://access.redhat.com/errata/RHSA-2026:10711 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:10745 https://access.redhat.com/errata/RHSA-2026:10745 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:10774 https://access.redhat.com/errata/RHSA-2026:10774 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:10949 https://access.redhat.com/errata/RHSA-2026:10949 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:10950 https://access.redhat.com/errata/RHSA-2026:10950 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:11062 https://access.redhat.com/errata/RHSA-2026:11062 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:11077 https://access.redhat.com/errata/RHSA-2026:11077 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:13692 https://access.redhat.com/errata/RHSA-2026:13692 This issue has been addressed in the following products: RHEL-8 based Middleware Containers Via RHSA-2026:13812 https://access.redhat.com/errata/RHSA-2026:13812 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2026:14653 https://access.redhat.com/errata/RHSA-2026:14653 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:14652 https://access.redhat.com/errata/RHSA-2026:14652 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:14656 https://access.redhat.com/errata/RHSA-2026:14656 This issue has been addressed in the following products: Red Hat Enterprise Linux 10.0 Extended Update Support Via RHSA-2026:16699 https://access.redhat.com/errata/RHSA-2026:16699 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2026:17525 https://access.redhat.com/errata/RHSA-2026:17525 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2026:17619 https://access.redhat.com/errata/RHSA-2026:17619 This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:19019 https://access.redhat.com/errata/RHSA-2026:19019 This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:19064 https://access.redhat.com/errata/RHSA-2026:19064 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:19175 https://access.redhat.com/errata/RHSA-2026:19175 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:19176 https://access.redhat.com/errata/RHSA-2026:19176 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:19177 https://access.redhat.com/errata/RHSA-2026:19177 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:19216 https://access.redhat.com/errata/RHSA-2026:19216 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2026:19549 https://access.redhat.com/errata/RHSA-2026:19549 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2026:19571 https://access.redhat.com/errata/RHSA-2026:19571 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:19570 https://access.redhat.com/errata/RHSA-2026:19570 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:19576 https://access.redhat.com/errata/RHSA-2026:19576 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Via RHSA-2026:19590 https://access.redhat.com/errata/RHSA-2026:19590 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2026:21682 https://access.redhat.com/errata/RHSA-2026:21682 |