PT-2020-6972 · Python+9

Dk0N9 · Published 2020-01-22 · Updated 2025-08-11 · CVE-2022-48560

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Python versions prior to 3.9

Description

A use-after-free issue exists in the Python programming language, which can be exploited to cause a denial of service. This issue is related to the heappushpop function in the heapq module.

Recommendations

For versions prior to 3.9, update to a version that contains a fix for this issue. As a temporary workaround, consider avoiding the use of the heappushpop function in the heapq module until a patch is available.

Exploit · Fix · Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2024:0114
ALSA-2024:2987
ALT-PU-2024-3474
BDU:2024-06945
BIT-LIBPYTHON-2022-48560
BIT-PYTHON-2022-48560
BIT-PYTHON-MIN-2022-48560
CESA-2024_0114
CESA-2024_2987
CVE-2022-48560
DLA-3575-1
DLA-3614-1
GHSA-PVW5-CVP6-CV92
INFSA-2024_2987
OPENSUSE-SU-2024:13488-1
OPENSUSE-SU-2024_1862-1
PSF-2023-11
RHSA-2024:0114
RHSA-2024:0430
RHSA-2024:0586
RHSA-2024:2987
RHSA-2024_0114
RHSA-2024_2987
ROSA-SA-2025-2646
SUSE-SU-2024:1667-1
SUSE-SU-2024:1862-1
SUSE-SU-2024_1667-1
USN-6394-1
USN-6394-2
USN-6891-1
USN-7180-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Python
Red Hat
Rocky Linux
Suse
Ubuntu