Severity by source
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (PSF).
CVSS VectorVendor: PSF
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
Use-after-free (UAF) was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition.
The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a MemoryError is raised during decompression. Using the helper functions to one-shot decompress data such as lzma.decompress(), bz2.decompress(), gzip.decompress(), and zlib.decompress() are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.
AnalysisAI
CPython decompression modules (lzma, bz2, gzip) allow memory corruption via use-after-free when decompressor instances are reused after MemoryError exceptions under memory pressure. Affects all CPython versions before 3.15.0. Exploitation requires network-accessible Python service that decompresses attacker-controlled data, operates under memory constraints, and reuses decompressor objects across multiple operations-a narrow but realistic scenario in containerized environments or resource-limited systems. No active exploitation confirmed (EPSS 0.05%, not in CISA KEV). Patch available via CPython 3.15.0.
Technical ContextAI
This is a use-after-free (CWE-416) in CPython's C implementation of decompression libraries. When lzma.LZMADecompressor, bz2.BZ2Decompressor, or gzip.GzipFile encounter memory allocation failures during decompression operations, they raise MemoryError but fail to clean up internal pointers to freed memory. If the application catches this exception and reuses the same decompressor instance for subsequent operations, the dangling pointer can be exploited for arbitrary memory corruption. The vulnerability exists in the stateful decompressor classes but NOT in one-shot helper functions (lzma.decompress(), bz2.decompress(), gzip.decompress(), zlib.decompress()) which create fresh instances per call. Affects CPython versions prior to 3.15.0 across all platforms. The CVSS 4.0 vector indicates network attack vector with high attack complexity (AC:H) and present attack technique (AT:P), reflecting the narrow exploitation window requiring memory pressure conditions. The fix (commits 6a5f79c, 8fc66ae, c3cf71c) adds cleanup logic to null out dangling pointers in error paths.
RemediationAI
Upgrade to CPython 3.15.0 or later, which includes fixes in commits 6a5f79c8d7, 8fc66aef6d, c3cf71c336, 47128e64f9, and e20c6c9667. For environments unable to upgrade immediately, implement these compensating controls with noted trade-offs: (1) Replace stateful decompressor instances with one-shot helper functions like lzma.decompress()-eliminates vulnerability but may increase memory overhead for large datasets by creating new instances per operation. (2) Implement strict error handling that terminates decompression workflows on MemoryError rather than catching and continuing-prevents reuse but reduces service resilience under load. (3) Deploy memory limits and monitoring to prevent MemoryError conditions entirely-reduces attack surface but may cause legitimate operations to fail. (4) For containerized deployments, allocate sufficient memory overhead (recommendation: 150% of expected peak decompression working set) to avoid memory pressure scenarios-increases resource costs. None of these mitigations provide complete protection; upgrade remains the definitive solution. Verify fix deployment via python --version and review application code for decompressor reuse patterns.
Denial of service in CPython's tarfile module allows remote attackers to trigger an infinite loop by supplying a crafted
Stack-based buffer overflow in CPython's bz2.BZ2Decompressor allows remote attackers to crash Python applications by sen
Path traversal in CPython's tarfile module allows a crafted tar archive to bypass the 'data' and 'tar' extraction filter
Command injection in CPython's webbrowser.open() API bypasses previous CVE-2026-4519 mitigation via specially crafted UR
The webbrowser.open() API in CPython accepts URLs with leading dashes, which certain web browsers interpret as command-l
Path traversal in CPython's tarfile module allows malicious tar archives to bypass the data_filter safety mechanism and
XML parsers in CPython's xml.parsers.expat and xml.etree.ElementTree modules use insufficient entropy for Expat hash-flo
Denial-of-service via quadratic algorithmic complexity in CPython's unicodedata.normalize() affects all CPython versions
Server-Side Request Forgery in CPython's ftplib module allows a malicious FTP source server to redirect a target FTP ser
Privilege escalation in CPython on Windows enables a low-privileged local user to hijack the module search path of a mor
Config file injection in CPython's configparser module allows an attacker who controls multi-line values written via con
CPython's http.cookies.Morsel.js_output() method generates inline script snippets that fail to neutralize the HTML parse
Same weakness CWE-416 – Use After Free
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| SLES15-SP5-CHOST-BYOS-SAP-CCloud | Fixed |
| SLES15-SP6-CHOST-BYOS | Fixed |
| SLES15-SP6-CHOST-BYOS-Aliyun | Fixed |
| SLES15-SP6-CHOST-BYOS-Azure | Fixed |
| SLES15-SP6-CHOST-BYOS-EC2 | Fixed |
| SLES15-SP6-CHOST-BYOS-GDC | Fixed |
| SLES15-SP6-CHOST-BYOS-SAP-CCloud | Fixed |
| SLES15-SP7-CHOST-BYOS-Aliyun | Fixed |
| SLES15-SP7-CHOST-BYOS-Azure | Fixed |
| SLES15-SP7-CHOST-BYOS-EC2 | Fixed |
| SLES15-SP7-CHOST-BYOS-GDC | Fixed |
| SLES15-SP7-CHOST-BYOS-SAP-CCloud | Fixed |
| SUSE Linux Enterprise Desktop 15 SP7 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP7 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP7 | Fixed |
| SUSE Linux Enterprise High Performance Computing 12 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Fixed |
| SUSE Linux Enterprise Micro 5.2 | Fixed |
| SUSE Linux Enterprise Micro 5.3 | Fixed |
| SUSE Linux Enterprise Micro 5.4 | Fixed |
| SUSE Linux Enterprise Micro 5.5 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Development Tools 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Python 3 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Python 3 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 16.0 | Fixed |
| SUSE Linux Enterprise Server 16.1 | Fixed |
| SUSE Linux Enterprise Server 16.1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Fixed |
| SUSE Linux Micro 6.0 | Fixed |
| SUSE Linux Micro 6.1 | Fixed |
| SUSE Linux Micro 6.2 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| SLES15-SP3-CHOST-BYOS-Aliyun | Fixed |
| SLES15-SP3-CHOST-BYOS-Azure | Fixed |
| SLES15-SP3-CHOST-BYOS-EC2 | Fixed |
| SLES15-SP3-CHOST-BYOS-GCE | Fixed |
| SLES15-SP3-CHOST-BYOS-SAP-CCloud | Fixed |
| SLES15-SP4-CHOST-BYOS | Fixed |
| SLES15-SP4-CHOST-BYOS-Aliyun | Fixed |
| SLES15-SP4-CHOST-BYOS-Azure | Fixed |
| SLES15-SP4-CHOST-BYOS-EC2 | Fixed |
| SLES15-SP4-CHOST-BYOS-GCE | Fixed |
| SLES15-SP4-CHOST-BYOS-SAP-CCloud | Fixed |
| SLES15-SP5-CHOST-BYOS-Aliyun | Fixed |
| SLES15-SP5-CHOST-BYOS-Azure | Fixed |
| SLES15-SP5-CHOST-BYOS-EC2 | Fixed |
| SLES15-SP5-CHOST-BYOS-GCE | Fixed |
| SLES15-SP5-CHOST-BYOS-GDC | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP4 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP6 | Fixed |
| SUSE Linux Enterprise Module for Legacy 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Public Cloud 15 SP4 | Fixed |
| SUSE Linux Enterprise Module for Python 3 15 SP4 | Fixed |
| SUSE Linux Enterprise Module for Python 3 15 SP4 | Fixed |
| SUSE Linux Enterprise Module for Python 3 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Python 3 15 SP6 | Fixed |
| SUSE Linux Enterprise Module for Python 3 15 SP6 | Fixed |
| SUSE Linux Enterprise Server 12 SP5 | Fixed |
| SUSE Linux Enterprise Server 12 SP5 | Fixed |
| SUSE Linux Enterprise Server 12 SP5 | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security | Fixed |
| SUSE Linux Enterprise Server 15 SP4 | Fixed |
| SUSE Linux Enterprise Server 15 SP4 | Fixed |
| SUSE Linux Enterprise Server 15 SP4 | Fixed |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP5 | Fixed |
| SUSE Linux Enterprise Server 15 SP5 | Fixed |
| SUSE Linux Enterprise Server 15 SP5 | Fixed |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP6 | Fixed |
| SUSE Linux Enterprise Server 15 SP6 | Fixed |
| SUSE Linux Enterprise Server 15 SP6 | Fixed |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Fixed |
| SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 | Fixed |
| SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 | Fixed |
| SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP5 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Fixed |
| SUSE Manager Proxy 4.3 | Fixed |
| SUSE Manager Proxy 4.3 | Fixed |
| SUSE Manager Proxy 4.3 | Fixed |
| SUSE Manager Proxy LTS 4.3 | Fixed |
| SUSE Manager Retail Branch Server 4.3 | Fixed |
| SUSE Manager Retail Branch Server 4.3 | Fixed |
| SUSE Manager Retail Branch Server 4.3 | Fixed |
| SUSE Manager Retail Branch Server LTS 4.3 | Fixed |
| SUSE Manager Server 4.3 | Fixed |
| SUSE Manager Server 4.3 | Fixed |
| SUSE Manager Server 4.3 | Fixed |
| SUSE Manager Server LTS 4.3 | Fixed |
| SUSE CaaS Platform 3.0 | Fixed |
| SUSE CaaS Platform 4.0 | Fixed |
| SUSE CaaS Platform 4.0 | Fixed |
| SUSE Enterprise Storage 5 | Fixed |
| SUSE Enterprise Storage 6 | Fixed |
| SUSE Enterprise Storage 6 | Fixed |
| SUSE Enterprise Storage 7 | Fixed |
| SUSE Enterprise Storage 7 | Fixed |
| SUSE Enterprise Storage 7.1 | Fixed |
| SUSE Enterprise Storage 7.1 | Fixed |
| SUSE Enterprise Storage 7.1 | Fixed |
| SUSE Linux Enterprise Desktop 12 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP1 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP1 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP2 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP2 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP3 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP3 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP4 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP4 | Fixed |
| SUSE Linux Enterprise Desktop 15 | Fixed |
| SUSE Linux Enterprise Desktop 15 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP1 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP1 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP2 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP2 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP3 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP3 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP3 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP4 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP4 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP4 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP5 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP5 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP6 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP6 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP6 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP1 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP1 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP2 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP2 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP3 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP3 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP3 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP6 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP6 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP6 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15-LTSS | Fixed |
| SUSE Linux Enterprise Micro 5.0 | Fixed |
| SUSE Linux Enterprise Micro 5.1 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP1 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP1 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP2 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP2 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP3 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP3 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP3 | Fixed |
| SUSE Linux Enterprise Module for Desktop Applications 15 | Fixed |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP1 | Fixed |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP2 | Fixed |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP3 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP4 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Fixed |
| SUSE Linux Enterprise Module for Python 2 15 SP1 | Fixed |
| SUSE Linux Enterprise Module for Python 2 15 SP2 | Fixed |
| SUSE Linux Enterprise Module for Python 2 15 SP3 | Fixed |
| SUSE Linux Enterprise Module for Web and Scripting 12 | Fixed |
| SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT | Fixed |
| SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT | Fixed |
| SUSE Linux Enterprise Real Time 15 SP2 | Fixed |
| SUSE Linux Enterprise Real Time 15 SP2 | Fixed |
| SUSE Linux Enterprise Real Time 15 SP3 | Fixed |
| SUSE Linux Enterprise Real Time 15 SP3 | Fixed |
| SUSE Linux Enterprise Real Time 15 SP3 | Fixed |
| SUSE Linux Enterprise Real Time 15 SP4 | Fixed |
| SUSE Linux Enterprise Server 12 | Fixed |
| SUSE Linux Enterprise Server 12 SP1 | Fixed |
| SUSE Linux Enterprise Server 12 SP1 | Fixed |
| SUSE Linux Enterprise Server 12 SP1-LTSS | Fixed |
| SUSE Linux Enterprise Server 12 SP1-LTSS | Fixed |
| SUSE Linux Enterprise Server 12 SP2 | Fixed |
| SUSE Linux Enterprise Server 12 SP2 | Fixed |
| SUSE Linux Enterprise Server 12 SP2-BCL | Fixed |
| SUSE Linux Enterprise Server 12 SP2-BCL | Fixed |
| SUSE Linux Enterprise Server 12 SP2-ESPOS | Fixed |
| SUSE Linux Enterprise Server 12 SP2-ESPOS | Fixed |
| SUSE Linux Enterprise Server 12 SP2-LTSS | Fixed |
| SUSE Linux Enterprise Server 12 SP2-LTSS | Fixed |
| SUSE Linux Enterprise Server 12 SP3 | Fixed |
| SUSE Linux Enterprise Server 12 SP3 | Fixed |
| SUSE Linux Enterprise Server 12 SP3-BCL | Fixed |
| SUSE Linux Enterprise Server 12 SP3-BCL | Fixed |
| SUSE Linux Enterprise Server 12 SP3-ESPOS | Fixed |
| SUSE Linux Enterprise Server 12 SP3-ESPOS | Fixed |
| SUSE Linux Enterprise Server 12 SP3-LTSS | Fixed |
| SUSE Linux Enterprise Server 12 SP3-LTSS | Fixed |
| SUSE Linux Enterprise Server 12 SP4 | Fixed |
| SUSE Linux Enterprise Server 12 SP4 | Fixed |
| SUSE Linux Enterprise Server 12 SP4-ESPOS | Fixed |
| SUSE Linux Enterprise Server 12 SP4-ESPOS | Fixed |
| SUSE Linux Enterprise Server 12 SP4-LTSS | Fixed |
| SUSE Linux Enterprise Server 12 SP4-LTSS | Fixed |
| SUSE Linux Enterprise Server 12-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 | Fixed |
| SUSE Linux Enterprise Server 15 | Fixed |
| SUSE Linux Enterprise Server 15 SP1 | Fixed |
| SUSE Linux Enterprise Server 15 SP1 | Fixed |
| SUSE Linux Enterprise Server 15 SP1-BCL | Fixed |
| SUSE Linux Enterprise Server 15 SP1-BCL | Fixed |
| SUSE Linux Enterprise Server 15 SP1-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP1-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP2 | Fixed |
| SUSE Linux Enterprise Server 15 SP2 | Fixed |
| SUSE Linux Enterprise Server 15 SP2-BCL | Fixed |
| SUSE Linux Enterprise Server 15 SP2-BCL | Fixed |
| SUSE Linux Enterprise Server 15 SP2-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP2-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP3 | Fixed |
| SUSE Linux Enterprise Server 15 SP3 | Fixed |
| SUSE Linux Enterprise Server 15 SP3 | Fixed |
| SUSE Linux Enterprise Server 15 SP3-BCL | Fixed |
| SUSE Linux Enterprise Server 15 SP3-BCL | Fixed |
| SUSE Linux Enterprise Server 15 SP3-BCL | Fixed |
| SUSE Linux Enterprise Server 15 SP3-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP3-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP3-LTSS | Fixed |
| SUSE Linux Enterprise Server 15-LTSS | Fixed |
| SUSE Linux Enterprise Server 15-LTSS | Fixed |
| SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 | Fixed |
| SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP2 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP2 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP3 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP3 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP2 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP2 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP3 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP3 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP3 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP4 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP5 | Fixed |
| SUSE Manager Proxy 4.0 | Fixed |
| SUSE Manager Proxy 4.0 | Fixed |
| SUSE Manager Proxy 4.1 | Fixed |
| SUSE Manager Proxy 4.1 | Fixed |
| SUSE Manager Proxy 4.2 | Fixed |
| SUSE Manager Proxy 4.2 | Fixed |
| SUSE Manager Proxy 4.2 | Fixed |
| SUSE Manager Retail Branch Server 4.0 | Fixed |
| SUSE Manager Retail Branch Server 4.0 | Fixed |
| SUSE Manager Retail Branch Server 4.1 | Fixed |
| SUSE Manager Retail Branch Server 4.1 | Fixed |
| SUSE Manager Retail Branch Server 4.2 | Fixed |
| SUSE Manager Retail Branch Server 4.2 | Fixed |
| SUSE Manager Retail Branch Server 4.2 | Fixed |
| SUSE Manager Server 4.0 | Fixed |
| SUSE Manager Server 4.0 | Fixed |
| SUSE Manager Server 4.1 | Fixed |
| SUSE Manager Server 4.1 | Fixed |
| SUSE Manager Server 4.2 | Fixed |
| SUSE Manager Server 4.2 | Fixed |
| SUSE Manager Server 4.2 | Fixed |
| SUSE OpenStack Cloud 7 | Fixed |
| SUSE OpenStack Cloud 7 | Fixed |
| SUSE OpenStack Cloud 8 | Fixed |
| SUSE OpenStack Cloud 8 | Fixed |
| SUSE OpenStack Cloud 9 | Fixed |
| SUSE OpenStack Cloud 9 | Fixed |
| SUSE OpenStack Cloud Crowbar 8 | Fixed |
| SUSE OpenStack Cloud Crowbar 8 | Fixed |
| SUSE OpenStack Cloud Crowbar 9 | Fixed |
| SUSE OpenStack Cloud Crowbar 9 | Fixed |
| openSUSE Leap 15.3 | Fixed |
| openSUSE Leap 15.3 | Fixed |
| openSUSE Leap 15.3 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.5 | Fixed |
| openSUSE Leap 15.5 | Fixed |
| openSUSE Leap 15.5 | Fixed |
| openSUSE Leap 15.5 | Fixed |
| openSUSE Leap 15.5 | Fixed |
| openSUSE Leap Micro 5.2 | Fixed |
| openSUSE Leap Micro 5.3 | Fixed |
| openSUSE Leap Micro 5.4 | Fixed |
| openSUSE Leap Micro 5.5 | Fixed |
| SLES-CHOST-BYOS-Aliyun | Fixed |
| SLES-CHOST-BYOS-Azure | Fixed |
| SLES-CHOST-BYOS-EC2 | Fixed |
| SLES-CHOST-BYOS-GCE | Fixed |
| SLES-CHOST-BYOS-GDC | Fixed |
| SLES-CHOST-BYOS-SAP-CCloud | Fixed |
| bci/python containers/lmcache-lmstack-router:0 containers/lmcache-vllm-openai:0 containers/open-webui-pipelines:0 containers/open-webui:0 containers/python:3.11 containers/pytorch:2-nvidia containers/vllm-openai:0 suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker suse/multi-linux-manager/5.1/x86_64/server suse/multi-linux-manager/5.2/x86_64/proxy-salt-broker suse/multi-linux-manager/5.2/x86_64/server | Fixed |
| bci/kiwi bci/python:3 containers/open-webui-mcpo:0 ses/6/cephcsi/cephcsi ses/6/rook/ceph ses/7.1/cephcsi/cephcsi ses/7.1/rook/ceph ses/7/ceph/ceph ses/7/cephcsi/cephcsi ses/7/rook/ceph suse/389-ds suse/manager/4.3/proxy-httpd suse/manager/4.3/proxy-salt-broker suse/manager/4.3/proxy-ssh suse/manager/4.3/proxy-tftpd suse/manager/5.0/x86_64/proxy-httpd suse/manager/5.0/x86_64/proxy-salt-broker suse/manager/5.0/x86_64/proxy-ssh suse/manager/5.0/x86_64/proxy-tftpd suse/manager/5.0/x86_64/server suse/multi-linux-manager/5.1/x86_64/proxy-httpd suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker suse/multi-linux-manager/5.1/x86_64/proxy-squid suse/multi-linux-manager/5.1/x86_64/proxy-ssh suse/multi-linux-manager/5.1/x86_64/proxy-tftpd suse/multi-linux-manager/5.1/x86_64/server suse/multi-linux-manager/5.2/x86_64/proxy-httpd suse/multi-linux-manager/5.2/x86_64/proxy-salt-broker suse/multi-linux-manager/5.2/x86_64/proxy-squid suse/multi-linux-manager/5.2/x86_64/proxy-ssh suse/multi-linux-manager/5.2/x86_64/proxy-tftpd suse/multi-linux-manager/5.2/x86_64/server suse/sles/15.3/virt-launcher:0.45.0 suse/sles/15.4/virt-launcher:0.49.0 trento/trento-runner | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22028