CVE-2022-48560
CVE Details
Visit the official vulnerability details page for CVE-2022-48560 to learn more.
Initial Publication
11/13/2024
Last Update
12/13/2024
Third Party Dependency
libpython2.7-minimal
NIST CVE Summary
A use-after-free exists in Python through 3.9 via heappushpop in heapq.
CVE Severity
Our Official Summary
This CVE affects Python versions up to 3.9. The use-after-free vulnerability in Python's heapq module allows an attacker to manipulate memory after it has been freed, potentially leading to arbitrary code execution or a denial of service. The vulnerability can be exploited by carefully crafting a malicious input that triggers the use-after-free condition. There is no known workaround for this vulnerability. The Python version needs to be upgraded in the reported images.
Status
Ongoing
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.4.20 | ✅ No Impact | ✅ No Impact | ⚠️ Impacted | ⚠️ Impacted |
Revision History
Date | Revision |
---|---|