Skip to main content
Version: latest

CVE-2022-48560

CVE Details

CVE-2022-48560

Last Update

9/15/24

NIST CVE Summary

A use-after-free exists in Python through 3.9 via heappushpop in heapq.

Our Official Summary

This CVE affects python versions upto 3.9. The use-after-free vulnerability in Python's heapq module allows an attacker to manipulate memory after it has been freed, potentially leading to arbitrary code execution or a denial of service. This vulnerability can be exploited by carefully crafting a malicious input that triggers the use-after-free condition. There is no known workaround for this vulnerability. Python version needs to be upgraded in the images reported.

CVE Severity

7.5

Status

Ongoing

Affected Products & Versions

  • Palette VerteX 4.4.18

Revision History

  • 1.0 9/13/2024 Initial Publication
  • 2.0 9/13/2024 Added Palette VerteX 4.4.18 to Affected Products