{"document":{"category":"csaf_vex","csaf_version":"2.0","title":"CVE-2026-9669: bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow","publisher":{"category":"vendor","name":"HarborGuard Database","namespace":"https://database.harborguard.co"},"tracking":{"id":"CVE-2026-9669","status":"final","version":"1","initial_release_date":"2026-06-08T22:01:15.420Z","current_release_date":"2026-06-16T12:23:44.258Z","revision_history":[{"date":"2026-06-08T22:01:15.420Z","number":"1","summary":"Initial machine-readable export from HarborGuard."}]},"distribution":{"tlp":{"label":"WHITE"},"text":"Public CVE data; freely redistributable."},"notes":[{"category":"description","text":"bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data.","title":"CVE description"}],"references":[{"category":"self","summary":"CVE-2026-9669 on HarborGuard Database","url":"https://database.harborguard.co/cve/CVE-2026-9669"},{"category":"external","summary":"CVE Record","url":"https://www.cve.org/CVERecord?id=CVE-2026-9669"},{"category":"external","summary":"github.com","url":"https://github.com/python/cpython/pull/150600"},{"category":"external","summary":"mail.python.org","url":"https://mail.python.org/archives/list/security-announce@python.org/thread/DBJZETMGUIFK7DVUWMOXHD3Z6IX2QPSX/"},{"category":"external","summary":"github.com","url":"https://github.com/python/cpython/issues/150599"},{"category":"external","summary":"github.com","url":"https://github.com/python/cpython/commit/157a5df8cb5d82b33f918a7489e72ce95ceb12b6"},{"category":"external","summary":"github.com","url":"https://github.com/python/cpython/commit/5755d0f083949ff3c5bf3a37e673e24e306b036e"},{"category":"external","summary":"github.com","url":"https://github.com/python/cpython/commit/619a12b2e545391dc436b3af79dda22337382a6f"},{"category":"external","summary":"github.com","url":"https://github.com/python/cpython/commit/d3ca26983dfbccdf609f24ff5877dc3118e4702d"}]},"product_tree":{"branches":[{"category":"vendor","name":"Python Software Foundation","branches":[{"category":"product_name","name":"CPython","branches":[{"category":"product_version_range","name":"<3.13.14","product":{"name":"Python Software Foundation CPython <3.13.14","product_id":"CSAFPID-1","product_identification_helper":{"cpe":"cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:*"}}},{"category":"product_version_range","name":">=3.14.0 <3.14.6","product":{"name":"Python Software Foundation CPython >=3.14.0 <3.14.6","product_id":"CSAFPID-2","product_identification_helper":{"cpe":"cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:*"}}},{"category":"product_version_range","name":">=3.15.0a1 <3.15.0","product":{"name":"Python Software Foundation CPython >=3.15.0a1 <3.15.0","product_id":"CSAFPID-3","product_identification_helper":{"cpe":"cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:*"}}}]}]}]},"vulnerabilities":[{"cve":"CVE-2026-9669","title":"bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow","notes":[{"category":"description","text":"bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data.","title":"CVE description"}],"product_status":{"known_affected":["CSAFPID-1","CSAFPID-2","CSAFPID-3"]},"scores":[{"cvss_v4":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N","baseScore":8.2,"baseSeverity":"HIGH"},"products":["CSAFPID-1","CSAFPID-2","CSAFPID-3"]}],"remediations":[{"category":"vendor_fix","details":"Update to a fixed version: 3.13.14, 3.14.6, 3.15.0.","product_ids":["CSAFPID-1","CSAFPID-2","CSAFPID-3"],"url":"https://github.com/python/cpython/pull/150600"}]}]}