CVE-2024-9979

NameCVE-2024-9979
DescriptionA flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1085296

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
rust-pyo3 (PTS)bookworm0.17.3-1fixed
trixie0.22.5-1fixed
sid0.22.6-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
rust-pyo3sourcebookworm(not affected)
rust-pyo3source(unstable)0.22.5-11085296

Notes

[bookworm] - rust-pyo3 <not-affected> (Vulnerable code introduced later)
https://github.com/PyO3/pyo3/pull/4590
https://rustsec.org/advisories/RUSTSEC-2024-0378.html

Search for package or bug name: Reporting problems