Bugzilla – Bug 1214675
VUL-0: CVE-2022-48560: python3: A use-after-free exists in Python through 3.9 via heappushpop in heapq
Last modified: 2024-05-19 07:20:05 UTC
CVE-2022-48560 A use-after-free exists in Python through 3.9 via heappushpop in heapq. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48560 https://www.cve.org/CVERecord?id=CVE-2022-48560 https://bugs.python.org/issue39421
Affected: - SUSE:SLE-12:Update/python3 3.4.10 Not affected: - SUSE:SLE-11-SP1:Update/python 2.6.9 - SUSE:SLE-11-SP1:Update/python-base 2.6.9 - SUSE:SLE-12-SP1:Update/python 2.7.18 - SUSE:SLE-12-SP1:Update/python-base 2.7.18 - SUSE:SLE-12-SP4:Update/python 2.7.18 - SUSE:SLE-12-SP4:Update/python-base 2.7.18 - SUSE:SLE-15:Update/python 2.7.18 - SUSE:SLE-15:Update/python-base 2.7.18 - openSUSE:Factory/python 2.7.18 - SUSE:SLE-12-SP3:Update:Products:Teradata:Update/python36 3.6.15 - SUSE:SLE-12-SP5:Update/python36 3.6.15 - SUSE:SLE-15-SP3:Update/python36 3.6.15 - SUSE:SLE-15:Update/python36 3.6.15 - SUSE:SLE-15-SP3:Update/python39 3.9.17 - openSUSE:Factory/python39 3.9.17 - SUSE:ALP:Source:Standard:1.0/python310 3.10.10 - SUSE:SLE-15-SP4:Update/python310 3.10.12 - openSUSE:Factory/python310 3.10.12 - SUSE:ALP:Source:Standard:1.0/python311 3.11.2 - SUSE:SLE-15-SP4:Update/python311 3.11.4 - openSUSE:Factory/python311 3.11.4
This must be a mistake: https://github.com/python/cpython/issues/83602 is from 2020 and it has been since then fixed everywhere (development was then future 3.9 and 3.6 was still maintained then). Suggesting to close as INVALID.
OK, just looking at https://github.com/fedora-python/cpython/pull/61 I had to try to reproduce with our python-base-2.7.18-39.2 and this reproducer script: import heapq class h(int): def __lt__(self, o): del list1[:] return NotImplemented list1 = [] heapq.heappush(list1, h(0)) print(list1) heapq.heappushpop(list1, 1) And it doesn’t crash: [0] Traceback (most recent call last): File "/tmp/CVE-2022-48560-proof.py", line 12, in <module> heapq.heappushpop(list1, 1) IndexError: index out of range which is correct.
Which actually is not correct.
Actually, it is correct. So, I truly cannot reproduce on Python 2.7.
SUSE-SU-2024:1667-1: An update that solves three vulnerabilities and has two security fixes can now be installed. Category: security (moderate) Bug References: 1214675, 1219306, 1219559, 1220970, 1222537 CVE References: CVE-2022-48560, CVE-2023-27043, CVE-2023-52425 Maintenance Incident: [SUSE:Maintenance:33822](https://smelt.suse.de/incident/33822/) Sources used: SUSE Linux Enterprise Workstation Extension 12 12-SP5 (src): python-base-2.7.18-33.32.1 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): python-2.7.18-33.32.1, python-doc-2.7.18-33.32.1, python-base-2.7.18-33.32.1 SUSE Linux Enterprise Server 12 SP5 (src): python-2.7.18-33.32.1, python-doc-2.7.18-33.32.1, python-base-2.7.18-33.32.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): python-2.7.18-33.32.1, python-doc-2.7.18-33.32.1, python-base-2.7.18-33.32.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.