CVE-2026-6100

EUVD-2026-22028
Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition.

The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. The helper functions that decompress data in one shot, such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()`, are not affected, as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.
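The non-vulnerable usage pattern described above can be enforced in application code with a thin wrapper that drops the underlying decompressor as soon as any call fails. This is an added example, not code from CPython or from the advisory; `DiscardOnErrorDecompressor`, `SimulatedOOM` and `PAYLOAD` are hypothetical names, and the out-of-memory condition is simulated with a constructed stand-in class.

```python
import lzma

PAYLOAD = b"constructed sample payload " * 64   # constructed test data


class DiscardOnErrorDecompressor:
    """Streaming wrapper that never reuses an instance after a failure."""

    def __init__(self, factory=lzma.LZMADecompressor):
        self._factory = factory          # also works with bz2.BZ2Decompressor
        self._dec = factory()

    def decompress(self, data, max_length=-1):
        if self._dec is None:
            raise RuntimeError("instance discarded after an error; call reset()")
        try:
            return self._dec.decompress(data, max_length)
        except Exception:
            # MemoryError is the case in the advisory; any failure is treated
            # the same way, so the failed object is dropped, not called again.
            self._dec = None
            raise

    def reset(self):
        """Start a new stream with a brand-new underlying decompressor."""
        self._dec = self._factory()


class SimulatedOOM:
    """Constructed stand-in for a decompressor whose allocation fails."""
    calls = 0

    def decompress(self, data, max_length=-1):
        SimulatedOOM.calls += 1
        raise MemoryError("simulated allocation failure")


def demo():
    SimulatedOOM.calls = 0
    blob = lzma.compress(PAYLOAD)
    guarded = DiscardOnErrorDecompressor(SimulatedOOM)
    outcomes = []
    for _ in range(2):                   # second call must not reach the object
        try:
            guarded.decompress(blob)
        except (MemoryError, RuntimeError) as exc:
            outcomes.append(type(exc).__name__)
    fresh = DiscardOnErrorDecompressor()  # new instance, real lzma decompressor
    return outcomes, SimulatedOOM.calls, fresh.decompress(blob)
```

The second call raises `RuntimeError` from the wrapper without touching the failed object, which is the property that keeps a caller out of the affected code path on an unpatched interpreter.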

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| PSF | CNA | 9.1 CRITICAL | NETWORK | HIGH | NONE | CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |

EPSS Score percentile: 37%

Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.

| Vendor | Product | Version | Source |
|---|---|---|---|
| python | cpython | < 3.15.0 | CNA |

Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| pypy3 | bookworm | 7.3.11+dfsg-2+deb12u3 | fixed |
| | bullseye | 7.3.5+dfsg-2+deb11u2 | fixed |
| | bullseye (security) | 7.3.5+dfsg-2+deb11u5 | fixed |
| | forky | 7.3.22+dfsg-1 | fixed |
| | sid | 7.3.22+dfsg-1 | fixed |
| | trixie | 7.3.19+dfsg-2 | fixed |
| python2.7 | bullseye | | vulnerable |
| python3.11 | bookworm | | no-dsa |
| | bookworm (security) | | vulnerable |
| python3.13 | forky | | vulnerable |
| | sid | | vulnerable |
| | trixie | 3.13.5-2+deb13u2 | fixed |
| python3.14 | forky | 3.14.5-1 | fixed |
| | sid | 3.14.5-1 | fixed |
| python3.9 | bullseye | | vulnerable |
| | bullseye (security) | 3.9.2-1+deb11u7 | fixed |

openSUSE / SLES Releases

| openSUSE Product | Release | Version | Status |
|---|---|---|---|
| libpython3_10-1_0 | suse enterprise server 15 SP4 | 3.10.20-150400.4.112.1 | fixed |
| libpython3_12-1_0 | suse enterprise server 15 SP6 | 3.12.13-150600.3.59.1 | fixed |
| libpython3_4m1_0 | suse enterprise server 12 SP3 | 3.4.10-25.185.1 | fixed |
| | suse enterprise server 12 SP5 | 3.4.10-25.185.1 | fixed |
| libpython3_4m1_0-32bit | suse enterprise server 12 SP5 | 3.4.10-25.185.1 | fixed |
| libpython3_6m1_0 | suse enterprise desktop 15 SP7 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise sap 15 SP7 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 15 SP4 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 15 SP5 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 15 SP6 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 15 SP7 | 3.6.15-150300.10.118.1 | fixed |
| libpython3_9-1_0 | suse enterprise server 15 SP5 | 3.9.25-150300.4.106.1 | fixed |
| python3 | suse enterprise desktop 15 SP7 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise sap 15 SP7 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 12 SP3 | 3.4.10-25.185.1 | fixed |
| | suse enterprise server 12 SP5 | 3.4.10-25.185.1 | fixed |
| | suse enterprise server 15 SP4 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 15 SP5 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 15 SP6 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 15 SP7 | 3.6.15-150300.10.118.1 | fixed |
| python3-base | suse enterprise desktop 15 SP7 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise sap 15 SP7 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 12 SP3 | 3.4.10-25.185.1 | fixed |
| | suse enterprise server 12 SP5 | 3.4.10-25.185.1 | fixed |
| | suse enterprise server 15 SP4 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 15 SP5 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 15 SP6 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 15 SP7 | 3.6.15-150300.10.118.1 | fixed |
| python3-curses | suse enterprise desktop 15 SP7 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise sap 15 SP7 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 12 SP3 | 3.4.10-25.185.1 | fixed |
| | suse enterprise server 12 SP5 | 3.4.10-25.185.1 | fixed |
| | suse enterprise server 15 SP4 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 15 SP5 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 15 SP6 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 15 SP7 | 3.6.15-150300.10.118.1 | fixed |
| python3-dbm | suse enterprise desktop 15 SP7 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise sap 15 SP7 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 15 SP4 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 15 SP5 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 15 SP6 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 15 SP7 | 3.6.15-150300.10.118.1 | fixed |
| python3-devel | suse enterprise desktop 15 SP7 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise sap 15 SP7 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 12 SP5 | 3.4.10-25.185.1 | fixed |
| | suse enterprise server 15 SP4 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 15 SP5 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 15 SP6 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 15 SP7 | 3.6.15-150300.10.118.1 | fixed |
| python3-idle | suse enterprise desktop 15 SP7 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise sap 15 SP7 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 15 SP4 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 15 SP5 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 15 SP6 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 15 SP7 | 3.6.15-150300.10.118.1 | fixed |
| python3-tk | suse enterprise desktop 15 SP7 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise sap 15 SP7 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 12 SP5 | 3.4.10-25.185.1 | fixed |
| | suse enterprise server 15 SP4 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 15 SP5 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 15 SP6 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 15 SP7 | 3.6.15-150300.10.118.1 | fixed |
| python3-tools | suse enterprise server 15 SP4 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 15 SP5 | 3.6.15-150300.10.118.1 | fixed |
| | suse enterprise server 15 SP6 | 3.6.15-150300.10.118.1 | fixed |
| python310 | suse enterprise server 15 SP4 | 3.10.20-150400.4.112.1 | fixed |
| python310-base | suse enterprise server 15 SP4 | 3.10.20-150400.4.112.1 | fixed |
| python310-curses | suse enterprise server 15 SP4 | 3.10.20-150400.4.112.1 | fixed |
| python310-dbm | suse enterprise server 15 SP4 | 3.10.20-150400.4.112.1 | fixed |
| python310-devel | suse enterprise server 15 SP4 | 3.10.20-150400.4.112.1 | fixed |
| python310-idle | suse enterprise server 15 SP4 | 3.10.20-150400.4.112.1 | fixed |
| python310-tk | suse enterprise server 15 SP4 | 3.10.20-150400.4.112.1 | fixed |
| python310-tools | suse enterprise server 15 SP4 | 3.10.20-150400.4.112.1 | fixed |
| python312 | suse enterprise server 15 SP6 | 3.12.13-150600.3.59.1 | fixed |
| python312-base | suse enterprise server 15 SP6 | 3.12.13-150600.3.59.1 | fixed |
| python312-curses | suse enterprise server 15 SP6 | 3.12.13-150600.3.59.1 | fixed |
| python312-dbm | suse enterprise server 15 SP6 | 3.12.13-150600.3.59.1 | fixed |
| python312-devel | suse enterprise server 15 SP6 | 3.12.13-150600.3.59.1 | fixed |
| python312-idle | suse enterprise server 15 SP6 | 3.12.13-150600.3.59.1 | fixed |
| python312-tk | suse enterprise server 15 SP6 | 3.12.13-150600.3.59.1 | fixed |
| python312-tools | suse enterprise server 15 SP6 | 3.12.13-150600.3.59.1 | fixed |
| python39 | suse enterprise server 15 SP5 | 3.9.25-150300.4.106.1 | fixed |
| python39-base | suse enterprise server 15 SP5 | 3.9.25-150300.4.106.1 | fixed |
| python39-curses | suse enterprise server 15 SP5 | 3.9.25-150300.4.106.1 | fixed |
| python39-dbm | suse enterprise server 15 SP5 | 3.9.25-150300.4.106.1 | fixed |

Red Hat Enterprise Linux Releases

| Red Hat Product | Release | Version | Status |
|---|---|---|---|
| platform-python | RHEL 8 | 0:3.6.8-76.el8_10 | fixed |
| | RHEL 8.4 AUS | 0:3.6.8-39.el8_4.11 | fixed |
| | RHEL 8.6 AUS | 0:3.6.8-47.el8_6.13 | fixed |
| | RHEL 8.6 E4S | 0:3.6.8-47.el8_6.13 | fixed |
| | RHEL 8.6 TUS | 0:3.6.8-47.el8_6.13 | fixed |
| | RHEL 8.8 E4S | 0:3.6.8-51.el8_8.15 | fixed |
| | RHEL 8.8 TUS | 0:3.6.8-51.el8_8.15 | fixed |
| platform-python-debug | RHEL 8 | 0:3.6.8-76.el8_10 | fixed |
| | RHEL 8.4 AUS | 0:3.6.8-39.el8_4.11 | fixed |
| | RHEL 8.6 AUS | 0:3.6.8-47.el8_6.13 | fixed |
| | RHEL 8.6 E4S | 0:3.6.8-47.el8_6.13 | fixed |
| | RHEL 8.6 TUS | 0:3.6.8-47.el8_6.13 | fixed |
| | RHEL 8.8 E4S | 0:3.6.8-51.el8_8.15 | fixed |
| | RHEL 8.8 TUS | 0:3.6.8-51.el8_8.15 | fixed |
| platform-python-devel | RHEL 8 | 0:3.6.8-76.el8_10 | fixed |
| | RHEL 8.4 AUS | 0:3.6.8-39.el8_4.11 | fixed |
| | RHEL 8.6 AUS | 0:3.6.8-47.el8_6.13 | fixed |
| | RHEL 8.6 E4S | 0:3.6.8-47.el8_6.13 | fixed |
| | RHEL 8.6 TUS | 0:3.6.8-47.el8_6.13 | fixed |
| | RHEL 8.8 E4S | 0:3.6.8-51.el8_8.15 | fixed |
| | RHEL 8.8 TUS | 0:3.6.8-51.el8_8.15 | fixed |
| python-unversioned-command | RHEL 9 | 0:3.9.25-7.el9_8 | fixed |
| python3 | RHEL 9 | 0:3.9.25-7.el9_8 | fixed |
| python3-debug | RHEL 9 | 0:3.9.25-7.el9_8 | fixed |
| python3-devel | RHEL 9 | 0:3.9.25-7.el9_8 | fixed |
| python3-idle | RHEL 8 | 0:3.6.8-76.el8_10 | fixed |
| | RHEL 8.4 AUS | 0:3.6.8-39.el8_4.11 | fixed |
| | RHEL 8.6 AUS | 0:3.6.8-47.el8_6.13 | fixed |
| | RHEL 8.6 E4S | 0:3.6.8-47.el8_6.13 | fixed |
| | RHEL 8.6 TUS | 0:3.6.8-47.el8_6.13 | fixed |
| | RHEL 8.8 E4S | 0:3.6.8-51.el8_8.15 | fixed |
| | RHEL 8.8 TUS | 0:3.6.8-51.el8_8.15 | fixed |
| | RHEL 9 | 0:3.9.25-7.el9_8 | fixed |
| python3-libs | RHEL 8 | 0:3.6.8-76.el8_10 | fixed |
| | RHEL 8.4 AUS | 0:3.6.8-39.el8_4.11 | fixed |
| | RHEL 8.6 AUS | 0:3.6.8-47.el8_6.13 | fixed |
| | RHEL 8.6 E4S | 0:3.6.8-47.el8_6.13 | fixed |
| | RHEL 8.6 TUS | 0:3.6.8-47.el8_6.13 | fixed |
| | RHEL 8.8 E4S | 0:3.6.8-51.el8_8.15 | fixed |
| | RHEL 8.8 TUS | 0:3.6.8-51.el8_8.15 | fixed |
| | RHEL 9 | 0:3.9.25-7.el9_8 | fixed |
| python3-test | RHEL 8 | 0:3.6.8-76.el8_10 | fixed |
| | RHEL 8.4 AUS | 0:3.6.8-39.el8_4.11 | fixed |
| | RHEL 8.6 AUS | 0:3.6.8-47.el8_6.13 | fixed |
| | RHEL 8.6 E4S | 0:3.6.8-47.el8_6.13 | fixed |
| | RHEL 8.6 TUS | 0:3.6.8-47.el8_6.13 | fixed |
| | RHEL 8.8 E4S | 0:3.6.8-51.el8_8.15 | fixed |
| | RHEL 8.8 TUS | 0:3.6.8-51.el8_8.15 | fixed |
| | RHEL 9 | 0:3.9.25-7.el9_8 | fixed |
| python3-tkinter | RHEL 8 | 0:3.6.8-76.el8_10 | fixed |
| | RHEL 8.4 AUS | 0:3.6.8-39.el8_4.11 | fixed |
| | RHEL 8.6 AUS | 0:3.6.8-47.el8_6.13 | fixed |
| | RHEL 8.6 E4S | 0:3.6.8-47.el8_6.13 | fixed |
| | RHEL 8.6 TUS | 0:3.6.8-47.el8_6.13 | fixed |
| | RHEL 8.8 E4S | 0:3.6.8-51.el8_8.15 | fixed |
| | RHEL 8.8 TUS | 0:3.6.8-51.el8_8.15 | fixed |
| | RHEL 9 | 0:3.9.25-7.el9_8 | fixed |
| python3.11 | RHEL 8 | 0:3.11.13-7.el8_10 | fixed |
| | RHEL 9 | 0:3.11.13-9.el9_8 | fixed |
| python3.11-debug | RHEL 8 | 0:3.11.13-7.el8_10 | fixed |
| | RHEL 9 | 0:3.11.13-9.el9_8 | fixed |
| python3.11-devel | RHEL 8 | 0:3.11.13-7.el8_10 | fixed |
| | RHEL 9 | 0:3.11.13-9.el9_8 | fixed |
| python3.11-idle | RHEL 8 | 0:3.11.13-7.el8_10 | fixed |
| | RHEL 9 | 0:3.11.13-9.el9_8 | fixed |
| python3.11-libs | RHEL 8 | 0:3.11.13-7.el8_10 | fixed |
| | RHEL 9 | 0:3.11.13-9.el9_8 | fixed |
| python3.11-rpm-macros | RHEL 8 | 0:3.11.13-7.el8_10 | fixed |
| python3.11-test | RHEL 8 | 0:3.11.13-7.el8_10 | fixed |
| | RHEL 9 | 0:3.11.13-9.el9_8 | fixed |
| python3.11-tkinter | RHEL 8 | 0:3.11.13-7.el8_10 | fixed |
| | RHEL 9 | 0:3.11.13-9.el9_8 | fixed |
| python3.12 | RHEL 8 | 0:3.12.13-2.el8_10 | fixed |
| | RHEL 9 | 0:3.12.13-2.el9_8 | fixed |
| python3.12-debug | RHEL 8 | 0:3.12.13-2.el8_10 | fixed |
| | RHEL 9 | 0:3.12.13-2.el9_8 | fixed |
| python3.12-devel | RHEL 8 | 0:3.12.13-2.el8_10 | fixed |
| | RHEL 9 | 0:3.12.13-2.el9_8 | fixed |
| python3.12-idle | RHEL 8 | 0:3.12.13-2.el8_10 | fixed |
| | RHEL 9 | 0:3.12.13-2.el9_8 | fixed |
| python3.12-libs | RHEL 8 | 0:3.12.13-2.el8_10 | fixed |
| | RHEL 9 | 0:3.12.13-2.el9_8 | fixed |
| python3.12-rpm-macros | RHEL 8 | 0:3.12.13-2.el8_10 | fixed |
| python3.12-test | RHEL 8 | 0:3.12.13-2.el8_10 | fixed |
| | RHEL 9 | 0:3.12.13-2.el9_8 | fixed |
| python3.12-tkinter | RHEL 8 | 0:3.12.13-2.el8_10 | fixed |
| | RHEL 9 | 0:3.12.13-2.el9_8 | fixed |
| python3.14 | RHEL 9 | 0:3.14.4-2.el9_8 | fixed |
| python3.14-debug | RHEL 9 | 0:3.14.4-2.el9_8 | fixed |
| python3.14-devel | RHEL 9 | 0:3.14.4-2.el9_8 | fixed |
| python3.14-freethreading | RHEL 9 | 0:3.14.4-2.el9_8 | fixed |
| python3.14-freethreading-debug | RHEL 9 | 0:3.14.4-2.el9_8 | fixed |
| python3.14-freethreading-devel | RHEL 9 | 0:3.14.4-2.el9_8 | fixed |
| python3.14-freethreading-idle | RHEL 9 | 0:3.14.4-2.el9_8 | fixed |
| python3.14-freethreading-libs | RHEL 9 | 0:3.14.4-2.el9_8 | fixed |
| python3.14-freethreading-test | RHEL 9 | 0:3.14.4-2.el9_8 | fixed |
| python3.14-freethreading-tkinter | RHEL 9 | 0:3.14.4-2.el9_8 | fixed |
| python3.14-idle | RHEL 9 | 0:3.14.4-2.el9_8 | fixed |
| python3.14-libs | RHEL 9 | 0:3.14.4-2.el9_8 | fixed |
| python3.14-test | RHEL 9 | 0:3.14.4-2.el9_8 | fixed |
| python3.14-tkinter | RHEL 9 | 0:3.14.4-2.el9_8 | fixed |