Python bz2 Module Stack Buffer Overflow Vulnerability in BZ2Decompressor

Vulnerability

A stack buffer overflow vulnerability has been identified in the Python bz2 module. The issue arises because a BZ2Decompressor object remains usable after a decompression error has been raised. If an application catches the resulting OSError and feeds further input to the same decompressor object, crafted input can make the decompressor resume from an invalid internal state, leading to out-of-bounds writes to a stack buffer. The result is a process crash when such a decompressor is fed untrusted data.

Impact

Exploitation of this vulnerability causes a hard crash of the Python interpreter, potentially with a core dump. The trigger requires the application-level pattern described above: a decompressor that has already raised OSError being reused on further attacker-controlled input. Code that decompresses untrusted bz2 data inside a retry-on-error loop with a shared BZ2Decompressor is therefore the exposed case.

Remediation

Users are advised to update to the latest version of Python, where this vulnerability has been addressed. Until the update is applied, do not reuse a BZ2Decompressor after it has raised OSError: discard it and construct a new BZ2Decompressor for every retry, and never feed untrusted input to a decompressor that has already failed.
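The reuse pattern described under Vulnerability, alongside the per-attempt fresh decompressor recommended under Remediation, as an added example that is not part of this advisory or of CPython's own code. The sample streams are constructed here for illustration: the corrupted one keeps a valid bz2 file header but has a bad block header, so the first decompress call raises OSError; the truncated one simply stops before the end-of-stream marker. The vulnerable function is shown for contrast only and is not exercised.

```python
import bz2

# Constructed sample inputs (not from the advisory): a valid stream, a stream
# whose block header is corrupt, and a stream cut off before its end marker.
VALID_STREAM = bz2.compress(b"hello world " * 100)
CORRUPT_STREAM = b"BZh9" + b"\x00" * 20            # good file header, bad block magic
TRUNCATED_STREAM = VALID_STREAM[: len(VALID_STREAM) // 2]


def decompress_reuse_after_error(decompressor, candidates):
    """The pattern the advisory warns about: ONE BZ2Decompressor is kept across
    attempts, so a failed attempt leaves its internal state behind and the next
    candidate resumes from it.  Shown for contrast only; never call this with
    untrusted input."""
    for data in candidates:
        try:
            return decompressor.decompress(data)
        except OSError:
            continue  # BUG: the same, now inconsistent, decompressor is reused
    raise OSError("no candidate decompressed")


def decompress_stream(data, chunk_size=16):
    """Decompress one bz2 stream with a fresh BZ2Decompressor, feeding it in
    small chunks the way a file or socket reader would.  Raises OSError on
    corrupt input and on a stream that ends before its end-of-stream marker."""
    d = bz2.BZ2Decompressor()
    out = bytearray()
    for off in range(0, len(data), chunk_size):
        out += d.decompress(data[off:off + chunk_size])
        if d.eof:
            break          # feeding more after eof would raise EOFError
    if not d.eof:
        raise OSError("compressed data ended before the end-of-stream marker")
    return bytes(out)


def decompress_first_valid(candidates):
    """Hardened retry loop: every attempt gets its own decompressor, and one
    that raised OSError is dropped and never fed again.  Returns the payload
    of the first candidate that decompresses cleanly plus the errors seen."""
    errors = []
    for data in candidates:
        try:
            return decompress_stream(data), errors
        except OSError as exc:
            errors.append(str(exc))  # the decompressor from this attempt is discarded
    raise OSError("no candidate decompressed cleanly: " + "; ".join(errors))


if __name__ == "__main__":
    payload, errors = decompress_first_valid(
        [CORRUPT_STREAM, TRUNCATED_STREAM, VALID_STREAM]
    )
    print(len(payload), "bytes recovered after", len(errors), "failed attempts")
```

The only difference between the two retry loops is where the BZ2Decompressor is created: inside the attempt, so that an OSError can never leave a half-updated decompressor in the path of the next input. The same rule applies to long-lived decompressors held on a connection or session object; on any OSError, replace the object rather than continuing with it.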

Added: Jun 8, 2026, 11:23 PM
Updated: Jun 8, 2026, 11:23 PM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 5.0
exploitability: 5.3
remediation: 7.7
relevance: 9.3
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.