{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-9669", "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22", "state": "PUBLISHED", "assignerShortName": "PSF", "dateReserved": "2026-05-27T03:13:18.152Z", "datePublished": "2026-06-08T22:01:15.420Z", "dateUpdated": "2026-06-23T17:50:38.254Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["bz2"], "product": "CPython", "repo": "https://github.com/python/cpython", "vendor": "Python Software Foundation", "versions": [{"version": "0", "lessThan": "3.13.14", "status": "affected", "versionType": "python"}, {"version": "3.14.0", "lessThan": "3.14.6", "status": "affected", "versionType": "python"}, {"version": "3.15.0a1", "lessThan": "3.15.0b3", "status": "affected", "versionType": "python"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Bitshift (https://github.com/TheShiftedBit)"}, {"lang": "en", "type": "coordinator", "value": "Emma Smith (https://github.com/emmatyping)"}, {"lang": "en", "type": "remediation developer", "value": "Stan Ulbrych (https://github.com/StanFromIreland)"}, {"lang": "en", "type": "remediation reviewer", "value": "Serhiy Storchaka (https://github.com/serhiy-storchaka)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"type": "text/html", "value": "bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data."}], "value": "bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 8.2, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121 Stack-based buffer overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "28c92f92-d60d-412d-b760-e73465c3df22", "shortName": "PSF", "dateUpdated": "2026-06-23T17:50:38.254Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/python/cpython/pull/150600"}, {"tags": ["vendor-advisory"], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/DBJZETMGUIFK7DVUWMOXHD3Z6IX2QPSX/"}, {"tags": ["issue-tracking"], "url": "https://github.com/python/cpython/issues/150599"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/157a5df8cb5d82b33f918a7489e72ce95ceb12b6"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/5755d0f083949ff3c5bf3a37e673e24e306b036e"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/619a12b2e545391dc436b3af79dda22337382a6f"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/d3ca26983dfbccdf609f24ff5877dc3118e4702d"}], "source": {"discovery": "UNKNOWN"}, "title": "bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow", "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/06/08/17"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-06-08T23:27:25.188Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-16T12:23:25.378543Z", "id": "CVE-2026-9669", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-16T12:23:44.258Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/06/08/17"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-06-08T23:27:25.188Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-9669", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-16T12:23:25.378543Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-16T12:23:36.058Z"}}], "cna": {"title": "bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "Bitshift (https://github.com/TheShiftedBit)"}, {"lang": "en", "type": "coordinator", "value": "Emma Smith (https://github.com/emmatyping)"}, {"lang": "en", "type": "remediation developer", "value": "Stan Ulbrych (https://github.com/StanFromIreland)"}, {"lang": "en", "type": "remediation reviewer", "value": "Serhiy Storchaka (https://github.com/serhiy-storchaka)"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/python/cpython", "vendor": "Python Software Foundation", "modules": ["bz2"], "product": "CPython", "versions": [{"status": "affected", "version": "0", "lessThan": "3.13.14", "versionType": "python"}, {"status": "affected", "version": "3.14.0", "lessThan": "3.14.6", "versionType": "python"}, {"status": "affected", "version": "3.15.0a1", "lessThan": "3.15.0b3", "versionType": "python"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/python/cpython/pull/150600", "tags": ["patch"]}, {"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/DBJZETMGUIFK7DVUWMOXHD3Z6IX2QPSX/", "tags": ["vendor-advisory"]}, {"url": "https://github.com/python/cpython/issues/150599", "tags": ["issue-tracking"]}, {"url": "https://github.com/python/cpython/commit/157a5df8cb5d82b33f918a7489e72ce95ceb12b6", "tags": ["patch"]}, {"url": "https://github.com/python/cpython/commit/5755d0f083949ff3c5bf3a37e673e24e306b036e", "tags": ["patch"]}, {"url": "https://github.com/python/cpython/commit/619a12b2e545391dc436b3af79dda22337382a6f", "tags": ["patch"]}, {"url": "https://github.com/python/cpython/commit/d3ca26983dfbccdf609f24ff5877dc3118e4702d", "tags": ["patch"]}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data.", "supportingMedia": [{"type": "text/html", "value": "bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data."}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121 Stack-based buffer overflow"}]}], "providerMetadata": {"orgId": "28c92f92-d60d-412d-b760-e73465c3df22", "shortName": "PSF", "dateUpdated": "2026-06-23T17:50:38.254Z"}}}, "cveMetadata": {"cveId": "CVE-2026-9669", "state": "PUBLISHED", "dateUpdated": "2026-06-23T17:50:38.254Z", "dateReserved": "2026-05-27T03:13:18.152Z", "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22", "datePublished": "2026-06-08T22:01:15.420Z", "assignerShortName": "PSF"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data."}], "id": "CVE-2026-9669", "lastModified": "2026-06-10T19:16:39.233", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@python.org", "type": "Secondary"}]}, "published": "2026-06-08T23:17:25.170", "references": [{"source": "cna@python.org", "url": "https://github.com/python/cpython/commit/157a5df8cb5d82b33f918a7489e72ce95ceb12b6"}, {"source": "cna@python.org", "url": "https://github.com/python/cpython/commit/5755d0f083949ff3c5bf3a37e673e24e306b036e"}, {"source": "cna@python.org", "url": "https://github.com/python/cpython/commit/619a12b2e545391dc436b3af79dda22337382a6f"}, {"source": "cna@python.org", "url": "https://github.com/python/cpython/commit/d3ca26983dfbccdf609f24ff5877dc3118e4702d"}, {"source": "cna@python.org", "url": "https://github.com/python/cpython/issues/150599"}, {"source": "cna@python.org", "url": "https://github.com/python/cpython/pull/150600"}, {"source": "cna@python.org", "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/DBJZETMGUIFK7DVUWMOXHD3Z6IX2QPSX/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2026/06/08/17"}], "sourceIdentifier": "cna@python.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "cna@python.org", "type": "Secondary"}]}

{"bugzilla": {"description": "python: Python: Denial of Service via out-of-bounds write in BZ2 decompression", "id": "2486590", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2486590"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data.", "A flaw was found in Python's `bz2.BZ2Decompressor` component. An attacker could provide specially crafted input that, when processed by an application reusing a decompressor object after an error, could lead to out-of-bounds writes in memory. This memory corruption could cause the application to crash, resulting in a Denial of Service (DoS)."], "mitigation": {"lang": "en:us", "value": "Applications processing untrusted BZ2 compressed data should avoid reusing `bz2.BZ2Decompressor` objects after a decompression error. Instead, a new `bz2.BZ2Decompressor` instance should be created for each new decompression attempt or after an error occurs. This prevents the decompressor from resuming from an invalid internal state."}, "name": "CVE-2026-9669", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "python36", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2026-06-08T22:01:15Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-9669\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-9669\nhttps://github.com/python/cpython/issues/150599\nhttps://github.com/python/cpython/pull/150600\nhttps://mail.python.org/archives/list/security-announce@python.org/thread/DBJZETMGUIFK7DVUWMOXHD3Z6IX2QPSX/"], "statement": "This Moderate-impact flaw in Python's `bz2.BZ2Decompressor` component affects Red Hat Enterprise Linux 8. It allows an attacker to trigger a denial of service by providing specially crafted compressed data. Exploitation requires an application to reuse a `BZ2Decompressor` object after a decompression error, leading to out-of-bounds writes and a crash.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.16.0)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "CPython", "source": "cna", "vendor": "Python Software Foundation"}, "product": "cpython", "vendor": "python"}], "created": "2026-06-08T23:30:16.415198+00:00", "updated": "2026-06-17T23:45:13.990120+00:00", "vendors": ["python", "python$PRODUCT$cpython"]}