Medium severity5.3NVD Advisory· Published Oct 15, 2024· Updated Apr 15, 2026
CVE-2024-9979
CVE-2024-9979
Description
A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pyo3crates.io | >= 0.22.0, < 0.22.4 | 0.22.4 |
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- github.com/advisories/GHSA-6jgw-rgmm-7cv6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-9979ghsaADVISORY
- access.redhat.com/security/cve/CVE-2024-9979nvdWEB
- bugzilla.redhat.com/show_bug.cginvdWEB
- crates.io/crates/pyo3nvdWEB
- github.com/PyO3/pyo3/pull/4590nvdWEB
- rustsec.org/advisories/RUSTSEC-2024-0378.htmlnvdWEB
News mentions
0No linked articles in our index yet.