| Name | CVE-2026-9669 |
| Description | bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| python3.11 (PTS) | bookworm | 3.11.2-6+deb12u7 | vulnerable |
| bookworm (security) | 3.11.2-6+deb12u3 | vulnerable | |
| python3.13 (PTS) | trixie | 3.13.5-2+deb13u2 | vulnerable |
| forky, sid | 3.13.12-1 | vulnerable | |
| python3.14 (PTS) | forky, sid | 3.14.5-1 | vulnerable |
| python3.9 (PTS) | bullseye | 3.9.2-1 | vulnerable |
| bullseye (security) | 3.9.2-1+deb11u7 | vulnerable |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| python3.11 | source | (unstable) | (unfixed) | |||
| python3.13 | source | (unstable) | (unfixed) | |||
| python3.14 | source | (unstable) | (unfixed) | |||
| python3.9 | source | (unstable) | (unfixed) |
https://github.com/python/cpython/issues/150599
https://github.com/python/cpython/pull/150600
https://github.com/python/cpython/commit/d3ca26983dfbccdf609f24ff5877dc3118e4702d (3.15 branch)
https://github.com/python/cpython/commit/157a5df8cb5d82b33f918a7489e72ce95ceb12b6 (3.14 branch)
https://github.com/python/cpython/commit/619a12b2e545391dc436b3af79dda22337382a6f (3.13 branch)