{
  "threat_severity" : "Moderate",
  "public_date" : "2024-10-12T12:00:00Z",
  "bugzilla" : {
    "description" : "pyo3: Risk of use-after-free in `borrowed` reads from Python weak references",
    "id" : "2318646",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2318646"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-416",
  "details" : [ "A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references.", "A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references." ],
  "package_state" : [ {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "python3.11-nh3",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "python3.11-rpds-py",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Will not fix",
    "package_name" : "python-rpds-py",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "python3.11-cryptography",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "python3.12-cryptography",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "python3.11-cryptography",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "python3.12-cryptography",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-9979\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-9979\nhttps://crates.io/crates/pyo3\nhttps://github.com/PyO3/pyo3/pull/4590\nhttps://rustsec.org/advisories/RUSTSEC-2024-0378.html" ],
  "name" : "CVE-2024-9979",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}