Bug 2249755 (CVE-2022-48560) - CVE-2022-48560 python: use after free in heappushpop() of heapq module
Summary: CVE-2022-48560 python: use after free in heappushpop() of heapq module
Keywords:
Status: NEW
Alias: CVE-2022-48560
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2250590 2250591 2250592 2250593 2250594 2250595 2250596 2250597 2250598 2250599 2250600
Blocks: 2249765
TreeView+ depends on / blocked
 
Reported: 2023-11-15 07:40 UTC by TEJ RATHI
Modified: 2024-10-23 18:27 UTC (History)
3 users (show)

Fixed In Version: python 3.9.0, python 3.8.2, python 3.7.7, python 3.6.11
Doc Type: If docs needed, set a value
Doc Text:
A use-after-free vulnerability was found in Python via the heappushpop function in the heapq module. This flaw allows an attacker to submit a specially crafted request, causing a service disruption that leads to a denial of service attack.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:8405 0 None None None 2024-10-23 18:27:37 UTC
Red Hat Product Errata RHSA-2024:0114 0 None None None 2024-01-10 11:29:41 UTC
Red Hat Product Errata RHSA-2024:0430 0 None None None 2024-01-24 16:49:42 UTC
Red Hat Product Errata RHSA-2024:0586 0 None None None 2024-01-30 13:25:14 UTC
Red Hat Product Errata RHSA-2024:2987 0 None None None 2024-05-22 09:26:44 UTC

Description TEJ RATHI 2023-11-15 07:40:31 UTC 
A use-after-free exists in Python via heappushpop in heapq module.

https://bugs.python.org/issue39421
https://github.com/python/cpython/issues/83602
https://github.com/python/cpython/commit/79f89e6e5a659846d1068e8b1bd8e491ccdef861 (v3.9.0a3)
https://github.com/python/cpython/commit/993811ffe75c2573f97fb3fd1414b34609b8c8db (v3.8.2rc1)
https://github.com/python/cpython/commit/958064f8d2b84062b0582bbae911df8ccfc11fd6 (v3.7.7rc1)
https://github.com/python/cpython/commit/c563f409ea30bcb0623d785428c9257917371b76 (v3.6.11rc1)
Comment 3 Sandipan Roy 2023-11-20 05:27:22 UTC 
Created mingw-python3 tracking bugs for this issue:

Affects: fedora-all [bug 2250591]


Created python2.7 tracking bugs for this issue:

Affects: fedora-all [bug 2250592]


Created python3.10 tracking bugs for this issue:

Affects: fedora-all [bug 2250593]


Created python3.11 tracking bugs for this issue:

Affects: fedora-all [bug 2250594]


Created python3.12 tracking bugs for this issue:

Affects: fedora-all [bug 2250595]


Created python3.13 tracking bugs for this issue:

Affects: fedora-all [bug 2250596]


Created python3.6 tracking bugs for this issue:

Affects: fedora-all [bug 2250597]


Created python3.7 tracking bugs for this issue:

Affects: fedora-all [bug 2250598]


Created python3.8 tracking bugs for this issue:

Affects: fedora-all [bug 2250599]


Created python3.9 tracking bugs for this issue:

Affects: fedora-all [bug 2250600]


Created python34 tracking bugs for this issue:

Affects: epel-all [bug 2250590]
Comment 4 errata-xmlrpc 2024-01-10 11:29:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:0114 https://access.redhat.com/errata/RHSA-2024:0114
Comment 5 errata-xmlrpc 2024-01-24 16:49:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0430 https://access.redhat.com/errata/RHSA-2024:0430
Comment 6 errata-xmlrpc 2024-01-30 13:25:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:0586 https://access.redhat.com/errata/RHSA-2024:0586
Comment 8 errata-xmlrpc 2024-05-22 09:26:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:2987 https://access.redhat.com/errata/RHSA-2024:2987
Note You need to log in before you can comment on or make changes to this bug.