CVE-2026-9669

N/A Unknown
Published: June 08, 2026 Modified: June 10, 2026
View on NVD

Description

bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/python/cpython/commit/157a5df8cb5d82b33f918a7489e72ce95ceb12b6
Source: cna@python.org
https://github.com/python/cpython/commit/5755d0f083949ff3c5bf3a37e673e24e306b036e
Source: cna@python.org
https://github.com/python/cpython/commit/619a12b2e545391dc436b3af79dda22337382a6f
Source: cna@python.org
https://github.com/python/cpython/commit/d3ca26983dfbccdf609f24ff5877dc3118e4702d
Source: cna@python.org
https://github.com/python/cpython/issues/150599
Source: cna@python.org
https://github.com/python/cpython/pull/150600
Source: cna@python.org
https://mail.python.org/archives/list/security-announce@python.org/thread/DBJZETMGUIFK7DVUWMOXHD3Z6IX2QPSX/
Source: cna@python.org
http://www.openwall.com/lists/oss-security/2026/06/08/17
Source: af854a3a-2127-422b-91ae-364da2661108

8 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.4%
29th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-121

Related CVEs

CVE-2026-48777 N/A
CVE-2026-47750 7.8
CVE-2026-47747 7.8
CVE-2026-46448 5.4
CVE-2026-22313 9.1