{"id":"PSF-2026-27","details":"bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data.","aliases":["BIT-libpython-2026-9669","BIT-python-2026-9669","BIT-python-min-2026-9669","CVE-2026-9669"],"modified":"2026-06-25T08:11:22.655313504Z","published":"2026-06-08T22:01:15.420Z","database_specific":{"cwe_ids":[]},"references":[{"type":"WEB","url":"https://github.com/python/cpython/pull/150600"},{"type":"ADVISORY","url":"https://mail.python.org/archives/list/security-announce@python.org/thread/DBJZETMGUIFK7DVUWMOXHD3Z6IX2QPSX/"},{"type":"REPORT","url":"https://github.com/python/cpython/issues/150599"},{"type":"FIX","url":"https://github.com/python/cpython/commit/157a5df8cb5d82b33f918a7489e72ce95ceb12b6"},{"type":"FIX","url":"https://github.com/python/cpython/commit/5755d0f083949ff3c5bf3a37e673e24e306b036e"},{"type":"FIX","url":"https://github.com/python/cpython/commit/619a12b2e545391dc436b3af79dda22337382a6f"},{"type":"FIX","url":"https://github.com/python/cpython/commit/d3ca26983dfbccdf609f24ff5877dc3118e4702d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"157a5df8cb5d82b33f918a7489e72ce95ceb12b6"},{"fixed":"5755d0f083949ff3c5bf3a37e673e24e306b036e"},{"fixed":"619a12b2e545391dc436b3af79dda22337382a6f"},{"fixed":"d3ca26983dfbccdf609f24ff5877dc3118e4702d"}]}],"versions":["v3.15.0b2","v3.14.5","v3.15.0b1","v3.14.5rc1","v3.13.13","v3.14.4","v3.15.0a8","v3.15.0a7","v3.15.0a6","v3.13.12","v3.14.3","v3.15.0a5","v3.15.0a4","v3.15.0a3","v3.14.2","v3.13.11","v3.13.10","v3.14.1","v3.15.0a2","v3.15.0a1","v3.13.8","v3.14.0","v3.14.0rc3","v3.13.7","v3.14.0rc2","v3.13.6","v3.14.0rc1","v3.14.0b4","v3.14.0b3","v3.13.5","v3.13.4","v3.14.0b2","v3.14.0b1","v3.13.3","v3.14.0a7","v3.14.0a6","v3.14.0a5","v3.13.2","v3.14.0a4","v3.14.0a3","v3.13.1","v3.14.0a2","v3.14.0a1","v3.13.0","v3.13.0rc3","v3.13.0rc2","v3.13.0rc1","v3.13.0b4","v3.13.0b3","v3.13.0b2","v3.13.0b1","v3.13.0a6","v3.13.0a5","v3.13.0a4","v3.13.0a3","v3.13.0a2","v3.13.0a1","v3.12.0b1","v3.12.0a7","v3.12.0a6","v3.12.0a5","v3.12.0a4","v3.12.0a3","v3.12.0a2","v3.12.0a1","v3.11.0b1","v3.11.0a7","v3.11.0a6","v3.11.0a5","v3.11.0a4","v3.11.0a3","v3.10.0a7","v3.10.0a1","v3.9.0a2","v3.7.0a2","v3.6.0b1","v3.6.0a3","v3.5.0b1","v3.5.0a4","v3.5.0a3","v3.5.0a2","v3.5.0a1","v3.4.0b3","v3.4.0b2","v3.4.0b1","v3.4.0a4","v3.4.0a3","v3.4.0a2","v3.4.0a1","v3.3.0rc3","v3.3.0rc2","v3.3.0rc1","v3.3.0b2","v3.3.0b1","v3.3.0a4","v3.3.0a3","v3.3.0a2","v3.2rc3","v3.2rc2","v3.2rc1","v3.2b2","v3.2b1","v3.2a4","v3.2a3","v3.2a2","v3.2a1","v3.1","v3.1rc2","v3.1rc1","v3.1b1","v3.1a2","v3.1a1","v3.0rc3","v3.0rc2","v3.0rc1","v3.0b3","v3.0b2","v3.0b1","v3.0a5","v3.0a4","v3.0a3","v3.0a2","v3.0a1","v2.4","v2.4c1","v2.4b2","v2.4b1","v2.4a3","v2.4a2","v2.4a1","v2.3c2","v2.3c1","v2.2a3","v2.1","v2.1c2","v2.1c1","v2.1b2","v2.1b1","v2.1a2","v2.1a1","v2.0","v2.0c1","v2.0b2","v2.0b1","v1.6a2","v1.6a1","v1.5.2","v1.5.2c1","v1.5.2b2","v1.5.2b1","v1.5.2a2","v1.5.2a1","v1.5.1","v1.5","v1.5b2","v1.5b1","v1.5a4","v1.5a3","v1.5a2","v1.5a1","v1.4","v1.4b3","v1.4b2","v1.4b1","v1.3","v1.3b1","v1.2","v1.2b4","v1.2b3","v1.2b2","v1.2b1","v1.1.1","v1.1","v1.0.2","v1.0.1","v0.9.9","v0.9.8"],"database_specific":{"source":"https://github.com/psf/advisory-database/blob/main/advisories/python/PSF-2026-27.json","vanir_signatures":[{"id":"PSF-2026-27-43d1a68c","source":"https://github.com/python/cpython/commit/d3ca26983dfbccdf609f24ff5877dc3118e4702d","target":{"file":"Modules/_bz2module.c"},"digest":{"threshold":0.9,"line_hashes":["230549807586347801882752565727751527393","259826515629445840524055930255270819569","61884081560884315263548559216161355479","79711694314862108340541197613207575946","171752414468768194608689478864728584766","244896825634063513341487830919391053623","270116362062481798266002745410761144483","135851173470804331812991044096892707406","187850330169432792462433470324067099149","46264331593371765365053503316412057156","287546421518025134782360525923429325649","144711800226151315620070234557395546186","139742599704273432116709087783106689796","303706301689659795029483786708038468343","260603280173778536467919405606800329863","37282471943017895370075327536954715750","329688701832568305911903580974753306128","169032784915282225376038835778399062686","222725239250192608948367063362424983213","129741306537458160456606408761404801673"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"PSF-2026-27-583d2510","signature_type":"Function","target":{"file":"Modules/_bz2module.c","function":"_bz2_BZ2Decompressor_decompress_impl"},"digest":{"length":305,"function_hash":"237157038820676258852447556561399486795"},"deprecated":false,"source":"https://github.com/python/cpython/commit/619a12b2e545391dc436b3af79dda22337382a6f","signature_version":"v1"},{"id":"PSF-2026-27-5a90cf92","signature_type":"Function","target":{"file":"Modules/_bz2module.c","function":"decompress_buf"},"digest":{"length":967,"function_hash":"12475210129250170784485077059971131042"},"deprecated":false,"source":"https://github.com/python/cpython/commit/619a12b2e545391dc436b3af79dda22337382a6f","signature_version":"v1"},{"id":"PSF-2026-27-64edab57","signature_type":"Function","target":{"file":"Modules/_bz2module.c","function":"_bz2_BZ2Decompressor_decompress_impl"},"deprecated":false,"digest":{"length":327,"function_hash":"324494633129969884664463818217685591182"},"source":"https://github.com/python/cpython/commit/5755d0f083949ff3c5bf3a37e673e24e306b036e","signature_version":"v1"},{"id":"PSF-2026-27-74a63175","signature_type":"Function","target":{"file":"Modules/_bz2module.c","function":"decompress_buf"},"deprecated":false,"digest":{"length":967,"function_hash":"12475210129250170784485077059971131042"},"source":"https://github.com/python/cpython/commit/157a5df8cb5d82b33f918a7489e72ce95ceb12b6","signature_version":"v1"},{"id":"PSF-2026-27-767a64d1","signature_type":"Line","target":{"file":"Modules/_bz2module.c"},"digest":{"threshold":0.9,"line_hashes":["230549807586347801882752565727751527393","259826515629445840524055930255270819569","61884081560884315263548559216161355479","79711694314862108340541197613207575946","171752414468768194608689478864728584766","244896825634063513341487830919391053623","270116362062481798266002745410761144483","301458273768679745851477136163384738787","326679068747380593195372742629785605814","63860159810743592708049383519597402068","227962660283150036829664603411509087708","65322514126625934999787331933915003546","139742599704273432116709087783106689796","153074271145615424374466652844640026183","50516197816847867676426154913464944742","244810537808551927082172479326136103730","171848629098389974293193736390253590171","284304586435141485197444375467611256436","209901103058700644331660527939509813016"]},"deprecated":false,"source":"https://github.com/python/cpython/commit/619a12b2e545391dc436b3af79dda22337382a6f","signature_version":"v1"},{"signature_version":"v1","source":"https://github.com/python/cpython/commit/d3ca26983dfbccdf609f24ff5877dc3118e4702d","target":{"file":"Modules/_bz2module.c","function":"_bz2_BZ2Decompressor_decompress_impl"},"digest":{"length":327,"function_hash":"324494633129969884664463818217685591182"},"deprecated":false,"signature_type":"Function","id":"PSF-2026-27-83b70eb1"},{"id":"PSF-2026-27-88372235","signature_type":"Function","target":{"file":"Modules/_bz2module.c","function":"decompress_buf"},"digest":{"length":982,"function_hash":"290164687798376905522712649084948442447"},"deprecated":false,"source":"https://github.com/python/cpython/commit/d3ca26983dfbccdf609f24ff5877dc3118e4702d","signature_version":"v1"},{"id":"PSF-2026-27-97b4386a","signature_type":"Function","target":{"file":"Modules/_bz2module.c","function":"decompress_buf"},"deprecated":false,"digest":{"length":982,"function_hash":"290164687798376905522712649084948442447"},"source":"https://github.com/python/cpython/commit/5755d0f083949ff3c5bf3a37e673e24e306b036e","signature_version":"v1"},{"id":"PSF-2026-27-a77dd4db","signature_type":"Function","target":{"file":"Modules/_bz2module.c","function":"_bz2_BZ2Decompressor_impl"},"digest":{"length":725,"function_hash":"43861071656797244308731160845717430801"},"deprecated":false,"source":"https://github.com/python/cpython/commit/619a12b2e545391dc436b3af79dda22337382a6f","signature_version":"v1"},{"id":"PSF-2026-27-a7eb6970","signature_type":"Function","target":{"file":"Modules/_bz2module.c","function":"_bz2_BZ2Decompressor_decompress_impl"},"digest":{"length":305,"function_hash":"237157038820676258852447556561399486795"},"deprecated":false,"source":"https://github.com/python/cpython/commit/157a5df8cb5d82b33f918a7489e72ce95ceb12b6","signature_version":"v1"},{"id":"PSF-2026-27-bae64abe","signature_type":"Function","target":{"file":"Modules/_bz2module.c","function":"_bz2_BZ2Decompressor_impl"},"digest":{"length":725,"function_hash":"43861071656797244308731160845717430801"},"deprecated":false,"source":"https://github.com/python/cpython/commit/157a5df8cb5d82b33f918a7489e72ce95ceb12b6","signature_version":"v1"},{"signature_version":"v1","signature_type":"Line","target":{"file":"Modules/_bz2module.c"},"digest":{"threshold":0.9,"line_hashes":["230549807586347801882752565727751527393","259826515629445840524055930255270819569","61884081560884315263548559216161355479","79711694314862108340541197613207575946","171752414468768194608689478864728584766","244896825634063513341487830919391053623","270116362062481798266002745410761144483","301458273768679745851477136163384738787","326679068747380593195372742629785605814","63860159810743592708049383519597402068","227962660283150036829664603411509087708","65322514126625934999787331933915003546","139742599704273432116709087783106689796","153074271145615424374466652844640026183","50516197816847867676426154913464944742","244810537808551927082172479326136103730","171848629098389974293193736390253590171","284304586435141485197444375467611256436","209901103058700644331660527939509813016"]},"deprecated":false,"id":"PSF-2026-27-cffcb8eb","source":"https://github.com/python/cpython/commit/157a5df8cb5d82b33f918a7489e72ce95ceb12b6"},{"id":"PSF-2026-27-dd9baae2","source":"https://github.com/python/cpython/commit/5755d0f083949ff3c5bf3a37e673e24e306b036e","target":{"file":"Modules/_bz2module.c","function":"_bz2_BZ2Decompressor_impl"},"digest":{"length":574,"function_hash":"211737575122334054247505236780163694353"},"deprecated":false,"signature_version":"v1","signature_type":"Function"},{"id":"PSF-2026-27-e79b54c8","signature_type":"Function","target":{"file":"Modules/_bz2module.c","function":"_bz2_BZ2Decompressor_impl"},"digest":{"length":574,"function_hash":"211737575122334054247505236780163694353"},"deprecated":false,"source":"https://github.com/python/cpython/commit/d3ca26983dfbccdf609f24ff5877dc3118e4702d","signature_version":"v1"},{"id":"PSF-2026-27-febb9baa","source":"https://github.com/python/cpython/commit/5755d0f083949ff3c5bf3a37e673e24e306b036e","target":{"file":"Modules/_bz2module.c"},"digest":{"threshold":0.9,"line_hashes":["230549807586347801882752565727751527393","259826515629445840524055930255270819569","61884081560884315263548559216161355479","79711694314862108340541197613207575946","171752414468768194608689478864728584766","244896825634063513341487830919391053623","270116362062481798266002745410761144483","135851173470804331812991044096892707406","187850330169432792462433470324067099149","46264331593371765365053503316412057156","287546421518025134782360525923429325649","144711800226151315620070234557395546186","139742599704273432116709087783106689796","303706301689659795029483786708038468343","260603280173778536467919405606800329863","37282471943017895370075327536954715750","329688701832568305911903580974753306128","169032784915282225376038835778399062686","222725239250192608948367063362424983213","129741306537458160456606408761404801673"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"}],"vanir_signatures_modified":"2026-06-11T02:04:24Z"}}],"schema_version":"1.7.5"}