Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2023-33595

Published: October 18, 2023Last modified: November 15, 2023

Description

CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c.

Severity score breakdown

ParameterValue
Base score5.5
Attack VectorLOCAL
Attack complexityLOW
Privileges requiredNONE
User interactionREQUIRED
ScopeUNCHANGED
ConfidentialityNONE
Integrity impactNONE
Availability impactHIGH
VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Notes

It's a Python 3.12 issue only, and at the time of this writing we only ship Python 3.11.

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSpython3Not affected (3.11.5-r0)
Streampython3Not affected (3.11.5-r0)

References

ON THIS PAGE