{ "threat_severity" : "Important", "public_date" : "2026-04-13T17:15:47Z", "bugzilla" : { "description" : "python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules", "id" : "2457932", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2457932" }, "cvss3" : { "cvss3_base_score" : "8.1", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-825", "details" : [ "Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition.\nThe vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.", "A flaw was found in Python's decompression modules, including `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile`. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is experiencing high memory usage. Exploitation of this flaw could potentially allow an attacker to execute arbitrary code or access sensitive data. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable." ], "statement" : "The severity of this flaw is somewhat mitigated on Red Hat platforms. By default processes are not executed with root user privilege and are limited in their scope which in turn limits the impact of this flaw.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-04-27T00:00:00Z", "advisory" : "RHSA-2026:10711", "cpe" : "cpe:/o:redhat:enterprise_linux:10.1", "package" : "python3.12-0:3.12.12-3.el10_1.3" }, { "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support", "release_date" : "2026-05-13T00:00:00Z", "advisory" : "RHSA-2026:16699", "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0", "package" : "python3.12-0:3.12.9-2.el10_0.9" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2026-04-27T00:00:00Z", "advisory" : "RHSA-2026:10950", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "python3.12-0:3.12.13-2.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2026-04-27T00:00:00Z", "advisory" : "RHSA-2026:11062", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "python3.11-0:3.11.13-7.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2026-04-27T00:00:00Z", "advisory" : "RHSA-2026:11077", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "python3-0:3.6.8-76.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2026-04-27T00:00:00Z", "advisory" : "RHSA-2026:11077", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "python3-0:3.6.8-76.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date" : "2026-05-14T00:00:00Z", "advisory" : "RHSA-2026:17619", "cpe" : "cpe:/a:redhat:rhel_aus:8.6", "package" : "python3-0:3.6.8-47.el8_6.13" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date" : "2026-05-14T00:00:00Z", "advisory" : "RHSA-2026:17619", "cpe" : "cpe:/a:redhat:rhel_tus:8.6", "package" : "python3-0:3.6.8-47.el8_6.13" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date" : "2026-05-14T00:00:00Z", "advisory" : "RHSA-2026:17619", "cpe" : "cpe:/a:redhat:rhel_e4s:8.6", "package" : "python3-0:3.6.8-47.el8_6.13" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-04-27T00:00:00Z", "advisory" : "RHSA-2026:10745", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "python3.12-0:3.12.12-4.el9_7.3" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-04-27T00:00:00Z", "advisory" : "RHSA-2026:10774", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "python3.11-0:3.11.13-5.3.el9_7" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-04-27T00:00:00Z", "advisory" : "RHSA-2026:10949", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "python3.9-0:3.9.25-3.el9_7.3" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-04-27T00:00:00Z", "advisory" : "RHSA-2026:10949", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "python3.9-0:3.9.25-3.el9_7.3" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date" : "2026-05-05T00:00:00Z", "advisory" : "RHSA-2026:13692", "cpe" : "cpe:/a:redhat:rhel_e4s:9.2", "package" : "python3.11-0:3.11.2-2.el9_2.12" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2026-05-07T00:00:00Z", "advisory" : "RHSA-2026:14653", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "python3.11-0:3.11.7-1.el9_4.13" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2026-05-14T00:00:00Z", "advisory" : "RHSA-2026:17525", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "python3.12-0:3.12.1-4.el9_4.13" }, { "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support", "release_date" : "2026-05-07T00:00:00Z", "advisory" : "RHSA-2026:14652", "cpe" : "cpe:/a:redhat:rhel_eus:9.6", "package" : "python3.11-0:3.11.11-2.el9_6.7" }, { "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support", "release_date" : "2026-05-07T00:00:00Z", "advisory" : "RHSA-2026:14656", "cpe" : "cpe:/a:redhat:rhel_eus:9.6", "package" : "python3.12-0:3.12.9-1.el9_6.8" }, { "product_name" : "RHEL-8 based Middleware Containers", "release_date" : "2026-05-05T00:00:00Z", "advisory" : "RHSA-2026:13812", "cpe" : "cpe:/a:redhat:rhosemc:1.0::el8", "package" : "rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.5-4.1777325677" }, { "product_name" : "RHEL-8 based Middleware Containers", "release_date" : "2026-05-05T00:00:00Z", "advisory" : "RHSA-2026:13812", "cpe" : "cpe:/a:redhat:rhosemc:1.0::el8", "package" : "rhpam-7/rhpam-businesscentral-rhel8:7.13.5-4.1777325711" }, { "product_name" : "RHEL-8 based Middleware Containers", "release_date" : "2026-05-05T00:00:00Z", "advisory" : "RHSA-2026:13812", "cpe" : "cpe:/a:redhat:rhosemc:1.0::el8", "package" : "rhpam-7/rhpam-controller-rhel8:7.13.5-4.1777325710" }, { "product_name" : "RHEL-8 based Middleware Containers", "release_date" : "2026-05-05T00:00:00Z", "advisory" : "RHSA-2026:13812", "cpe" : "cpe:/a:redhat:rhosemc:1.0::el8", "package" : "rhpam-7/rhpam-dashbuilder-rhel8:7.13.5-3.1777325680" }, { "product_name" : "RHEL-8 based Middleware Containers", "release_date" : "2026-05-05T00:00:00Z", "advisory" : "RHSA-2026:13812", "cpe" : "cpe:/a:redhat:rhosemc:1.0::el8", "package" : "rhpam-7/rhpam-kieserver-rhel8:7.13.5-4.1777325709" }, { "product_name" : "RHEL-8 based Middleware Containers", "release_date" : "2026-05-05T00:00:00Z", "advisory" : "RHSA-2026:13812", "cpe" : "cpe:/a:redhat:rhosemc:1.0::el8", "package" : "rhpam-7/rhpam-process-migration-rhel8:7.13.5-4.1777325680" }, { "product_name" : "RHEL-8 based Middleware Containers", "release_date" : "2026-05-05T00:00:00Z", "advisory" : "RHSA-2026:13812", "cpe" : "cpe:/a:redhat:rhosemc:1.0::el8", "package" : "rhpam-7/rhpam-smartrouter-rhel8:7.13.5-4.1777325708" }, { "product_name" : "Red Hat Enterprise Linux AI 3.3", "release_date" : "2026-04-23T00:00:00Z", "advisory" : "RHSA-2026:10140", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3.3::el9", "package" : "rhelai3/bootc-aws-cuda-rhel9:1776871984" }, { "product_name" : "Red Hat Enterprise Linux AI 3.3", "release_date" : "2026-04-23T00:00:00Z", "advisory" : "RHSA-2026:10140", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3.3::el9", "package" : "rhelai3/bootc-azure-cuda-rhel9:1776871985" }, { "product_name" : "Red Hat Enterprise Linux AI 3.3", "release_date" : "2026-04-23T00:00:00Z", "advisory" : "RHSA-2026:10140", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3.3::el9", "package" : "rhelai3/bootc-azure-rocm-rhel9:1776872005" }, { "product_name" : "Red Hat Enterprise Linux AI 3.3", "release_date" : "2026-04-23T00:00:00Z", "advisory" : "RHSA-2026:10140", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3.3::el9", "package" : "rhelai3/bootc-cuda-rhel9:1776773390" }, { "product_name" : "Red Hat Enterprise Linux AI 3.3", "release_date" : "2026-04-23T00:00:00Z", "advisory" : "RHSA-2026:10140", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3.3::el9", "package" : "rhelai3/bootc-gcp-cuda-rhel9:1776871987" }, { "product_name" : "Red Hat Enterprise Linux AI 3.3", "release_date" : "2026-04-23T00:00:00Z", "advisory" : "RHSA-2026:10140", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3.3::el9", "package" : "rhelai3/bootc-rocm-rhel9:1776773505" }, { "product_name" : "Red Hat Enterprise Linux AI 3.3", "release_date" : "2026-04-23T00:00:00Z", "advisory" : "RHSA-2026:10141", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3.3::el9", "package" : "rhelai3/disk-image-cuda-rhel9:1776938871" }, { "product_name" : "Red Hat Hardened Images", "release_date" : "2026-04-23T00:00:00Z", "advisory" : "RHSA-2026:10117", "cpe" : "cpe:/a:redhat:hummingbird:1", "package" : "python3-13-main-3.13.13-1.1.hum1" }, { "product_name" : "Red Hat Hardened Images", "release_date" : "2026-04-17T00:00:00Z", "advisory" : "RHSA-2026:8822", "cpe" : "cpe:/a:redhat:hummingbird:1", "package" : "python3-11-main-3.11.15-4.hum1" }, { "product_name" : "Red Hat Hardened Images", "release_date" : "2026-04-17T00:00:00Z", "advisory" : "RHSA-2026:8824", "cpe" : "cpe:/a:redhat:hummingbird:1", "package" : "python3-12-main-3.12.13-3.hum1" }, { "product_name" : "Red Hat Hardened Images", "release_date" : "2026-04-21T00:00:00Z", "advisory" : "RHSA-2026:9228", "cpe" : "cpe:/a:redhat:hummingbird:1", "package" : "python3-14-main-3.14.4-2.hum1" }, { "product_name" : "Red Hat Update Infrastructure 5", "release_date" : "2026-04-29T00:00:00Z", "advisory" : "RHSA-2026:11768", "cpe" : "cpe:/a:redhat:rhui:5::el9", "package" : "rhui5/cds-kubernetes-tp-rhel9:1777459441" }, { "product_name" : "Red Hat Update Infrastructure 5", "release_date" : "2026-04-29T00:00:00Z", "advisory" : "RHSA-2026:11768", "cpe" : "cpe:/a:redhat:rhui:5::el9", "package" : "rhui5/installer-tp-rhel9:1777454300" }, { "product_name" : "Red Hat Update Infrastructure 5", "release_date" : "2026-04-29T00:00:00Z", "advisory" : "RHSA-2026:11768", "cpe" : "cpe:/a:redhat:rhui:5::el9", "package" : "rhui5/rhua-tp-rhel9:1777459504" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "python3.14", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "python", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "python", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "python3", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "python36:3.6/python36", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "python39-devel:3.9/python39", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "python3.14", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/bootc-cuda-aws-3-3", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/bootc-cuda-azure-3-3", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/bootc-cuda-gcp-3-3", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Affected", "package_name" : "redhat-user-workloads/bootc-rocm-azure-3-3", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-6100\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-6100\nhttps://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d\nhttps://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2\nhttps://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20\nhttps://github.com/python/cpython/issues/148395\nhttps://github.com/python/cpython/pull/148396\nhttps://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/" ], "name" : "CVE-2026-6100", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }