PT-2023-36097 · Python · Cpython

Published 2023-11-14 · Updated 2023-11-14

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

cpython (affected versions not specified)
python3-sys (affected versions not specified)
python27-sys (affected versions not specified)
Description

The issue concerns the cpython crate and its underlying crates, python3-sys and python27-sys, which are no longer actively maintained. There are open issues regarding unsound code, including the potential for segmentation faults on big-endian architectures due to incorrect bitfield manipulations and the creation of invalid Python objects. Additionally, Python 3.12 is not supported due to ABI changes, which can result in invalid Python objects and out-of-bounds memory accesses.
Recommendations

For cpython, python3-sys and python27-sys alike, consider using the pyo3 crate (version 0.19.2 and newer) as an alternative; it is actively maintained and has preliminary support for Python 3.12. At the moment, there is no information about a newer version of the affected crates that contains a fix for this vulnerability.

Related Identifiers

RUSTSEC-2023-0076

Affected Products

Cpython