Base Score

MEDIUM5.3

CVE-2024-9979

A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references.

VectorLOCAL

Published Bysecalert@redhat.com

Published DateOct 15, 2024, 14:15

Affected Versions(1)

pyo3(crates.io)

Introduced0.22.0

Fixed0.22.4

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
pyo3(crates.io)	0.22.0	0.22.4	N/A

Weakness Type (CWE):CWE-416

CVSS Metrics

Base Score

5.3

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

LOW

References

Base Score

MEDIUM5.3

Weakness Type (CWE):CWE-416

CVSS Metrics

Base Score

5.3

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

LOW