CVE-2023-33595Use After Free in Python

CWE-416Use After Free3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 74.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
PythonDebian Python2.7Debian Python3.11+1 more
Timeline
PublishedJun 7

Description

CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

NVDpython/python3.12.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
GHSA
GHSA-pqc2-g93j-9599: CPython v32023-06-07

📋Vendor Advisories

1
Debian
CVE-2023-33595: python2.7 - CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the ...2023