{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "extracted_events": [
              {
                "introduced": "0"
              },
              {
                "fixed": "3.13.14"
              },
              {
                "introduced": "3.14.0a1"
              },
              {
                "fixed": "3.14.5rc1"
              },
              {
                "introduced": "3.15.0a1"
              },
              {
                "fixed": "3.15.0b1"
              }
            ],
            "source": [
              "AFFECTED_FIELD",
              "REFERENCES"
            ]
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "introduced": "b092705907c758d4f9742028652c9802f9f03dd3"
            },
            {
              "introduced": "f31a89bb901067dd105b00cfa90523cf7ffdbbdd"
            },
            {
              "fixed": "fd17997c3866d61e0e7bd8201b1d8f35b40a40bd"
            },
            {
              "fixed": "a68a9190498a16ab1a5c9012ef5a70df81a5b328"
            },
            {
              "fixed": "f31a89bb901067dd105b00cfa90523cf7ffdbbdd"
            },
            {
              "fixed": "47128e64f98c3a20271138a98c2922bea2a3ee0e"
            },
            {
              "fixed": "6a5f79c8d7bbf22b083b240910c7a8781a59437d"
            },
            {
              "fixed": "8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2"
            },
            {
              "fixed": "c3cf71c3366fe49acb776a639405c0eea6169c20"
            },
            {
              "fixed": "e20c6c9667c99ecaab96e1a2b3767082841ffc8b"
            }
          ],
          "repo": "https://github.com/python/cpython",
          "type": "GIT"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "PSF",
    "cwe_ids": [
      "CWE-416",
      "CWE-787"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/6xxx/CVE-2026-6100.json"
  },
  "details": "Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition.\n\nThe vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.",
  "id": "CVE-2026-6100",
  "modified": "2026-07-08T05:38:00.946738261Z",
  "published": "2026-04-13T17:15:47.606Z",
  "references": [
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/13/10"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6100.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:10117"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:10140"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:10141"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:10711"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:10745"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:10774"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:10949"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:10950"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:11062"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:11077"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:11768"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:13692"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:13812"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:14652"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:14653"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:14656"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:16699"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:17525"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:17619"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:19019"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:19064"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:19175"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:19176"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:19177"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:19216"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:19549"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:19570"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:19571"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:19576"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:19590"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:21275"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:21682"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:25096"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:26187"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:30078"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:30087"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:30088"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:30089"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:8822"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:8824"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:9228"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6100"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/6xxx/CVE-2026-6100.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6100"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
    },
    {
      "type": "REPORT",
      "url": "https://github.com/python/cpython/issues/148395"
    },
    {
      "type": "FIX",
      "url": "https://github.com/python/cpython/commit/47128e64f98c3a20271138a98c2922bea2a3ee0e"
    },
    {
      "type": "FIX",
      "url": "https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d"
    },
    {
      "type": "FIX",
      "url": "https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2"
    },
    {
      "type": "FIX",
      "url": "https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20"
    },
    {
      "type": "FIX",
      "url": "https://github.com/python/cpython/commit/e20c6c9667c99ecaab96e1a2b3767082841ffc8b"
    },
    {
      "type": "FIX",
      "url": "https://github.com/python/cpython/pull/148396"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/python/cpython"
    }
  ],
  "schema_version": "1.7.5",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure"
}