Ubuntu.comUB:CVE-2022-48560CVE-2022-48560
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
26.8%
A use-after-free exists in Python through 3.9 via heappushpop in heapq.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | python2.7 | < 2.7.17-1~18.04ubuntu1.13+esm3 | UNKNOWN |
| ubuntu | 20.04 | noarch | python2.7 | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | python2.7 | < any | UNKNOWN |
| ubuntu | 14.04 | noarch | python2.7 | < 2.7.6-8ubuntu0.6+esm17 | UNKNOWN |
| ubuntu | 16.04 | noarch | python2.7 | < 2.7.12-1ubuntu0~16.04.18+esm8 | UNKNOWN |
| ubuntu | 14.04 | noarch | python3.4 | < any | UNKNOWN |
| ubuntu | 14.04 | noarch | python3.5 | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | python3.5 | < 3.5.2-2ubuntu0~16.04.13+esm10 | UNKNOWN |
| ubuntu | 18.04 | noarch | python3.6 | < any | UNKNOWN |
| ubuntu | 18.04 | noarch | python3.7 | < any | UNKNOWN |
References
bugs.python.org/issue39421
github.com/python/cpython/commit/79f89e6e5a659846d1068e8b1bd8e491ccdef861 (v3.9.0a3)
github.com/python/cpython/commit/958064f8d2b84062b0582bbae911df8ccfc11fd6 (v3.7.7rc1)
github.com/python/cpython/issues/83602
launchpad.net/bugs/cve/CVE-2022-48560
nvd.nist.gov/vuln/detail/CVE-2022-48560
security-tracker.debian.org/tracker/CVE-2022-48560
ubuntu.com/security/notices/USN-6394-1
ubuntu.com/security/notices/USN-6394-2
www.cve.org/CVERecord?id=CVE-2022-48560
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
26.8%