Out-of-bounds Read Affecting pyo3 package, versions <0.24.1


Severity: medium

CVSS assessment made by Snyk's Security Team.

Threat Intelligence

Exploit Maturity: Proof of Concept

  • Snyk ID: SNYK-RUST-PYO3-9690257
  • Published: 14 Apr 2025
  • Disclosed: 2 Apr 2025
  • Credit: Vincent Thiberville

Introduced: 2 Apr 2025

CVE: not available
CWE: CWE-125 (Out-of-bounds Read)

How to fix?

Upgrade pyo3 to version 0.24.1 or higher.

Overview

pyo3 is a package that provides Rust bindings for Python. This includes running and interacting with Python code from a Rust binary, as well as writing native Python modules.

Affected versions of this package are vulnerable to an out-of-bounds read in the PyString::from_object function. An attacker can potentially leak the over-read memory by triggering a Python exception whose message contains a copy of the data, including the bytes read past the buffer.

PoC

use pyo3::prelude::*;
use pyo3::types::{PyBytes, PyString};

fn main() {
    pyo3::prepare_freethreaded_python();
    Python::with_gil(|py| {
        // Input with an invalid UTF-8 byte (0xFF), so the decoder takes the error path.
        let py_bytes = PyBytes::new(py, b"ab\xFFcd");

        // The following line is faulty: the `encoding` and `errors` arguments are
        // forwarded to the C API, which reads each of them up to a NUL byte. Plain
        // Rust string literals carry no such terminator, so the read runs past
        // the end of "utf-8" and "ignore".
        let py_string = PyString::from_object(&py_bytes, "utf-8", "ignore").unwrap();
        // This would work (the literals carry explicit terminators):
        // let py_string = PyString::from_object(&py_bytes, "utf-8\0", "ignore\0").unwrap();

        // With the "ignore" error handler the invalid byte is dropped.
        let result = py_string.to_str().unwrap();
        assert_eq!(result, "abcd");
    });
}
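The root cause above is a Rust `&str` handed to a C function that reads until a NUL byte. The following added example (not part of the advisory or of pyo3) models that C-side read with `std::ffi::CStr` and shows the pattern that avoids the over-read: build a `CString`, which appends the terminator and rejects interior NULs, and keep it alive for the whole call. `read_c_string`, `has_nul_terminator`, `call_with_c_str` and `encoding_seen_by_c` are names assumed for this example.

```rust
use std::ffi::{c_char, CStr, CString, NulError};

// Stand-in for a C API parameter that is read up to the first NUL byte, the way
// CPython reads the `encoding` and `errors` arguments. (Constructed model, not
// the real CPython call.)
unsafe fn read_c_string(p: *const c_char) -> String {
    // SAFETY: the caller guarantees `p` points to a NUL-terminated buffer.
    unsafe { CStr::from_ptr(p) }.to_string_lossy().into_owned()
}

// Does the buffer carry its own terminator? A Rust `&str` such as "utf-8" does
// not, so handing its pointer to a NUL-reading C function reads past its end
// (CWE-125). This is the check the faulty call above silently skips.
fn has_nul_terminator(bytes: &[u8]) -> bool {
    bytes.last() == Some(&0)
}

// The safe pattern: CString::new appends the NUL and fails on interior NULs, and
// the owned value outlives the C call so the pointer never dangles.
fn call_with_c_str<T>(s: &str, f: impl FnOnce(*const c_char) -> T) -> Result<T, NulError> {
    let owned = CString::new(s)?;
    Ok(f(owned.as_ptr()))
    // `owned` is dropped only here, after `f` has returned.
}

// What the modelled C side sees for a given Rust argument.
fn encoding_seen_by_c(s: &str) -> Result<String, NulError> {
    call_with_c_str(s, |p| unsafe { read_c_string(p) })
}

fn main() {
    println!("\"utf-8\" terminated: {}", has_nul_terminator("utf-8".as_bytes()));     // false
    println!("\"utf-8\\0\" terminated: {}", has_nul_terminator("utf-8\0".as_bytes())); // true
    println!("C side sees: {:?}", encoding_seen_by_c("utf-8"));                        // Ok("utf-8")
    println!("interior NUL rejected: {}", encoding_seen_by_c("utf\0-8").is_err());    // true
}
```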
