VDB
CISA-2025-4516
CISA-2025-4516
PUBLISHED
CVSS 5.9 MEDIUM
Reported by PSF · Published May 15, 2025
There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.
Risk Scores
CVSS 4.0
5.9
CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Python Software Foundation | CPython | 0, 3.10.0, 3.11.0 |
| Python Software Foundation | CPython | 0, 3.10.0, 3.11.0 |
Timeline
- May 15, 2025 CVE Published
- Jun 3, 2025 CVE Updated
References
- issue-tracking
- patch
- vendor-advisory
- patch
- patch
- patch
- patch
- patch
- patch
- patch
- http://www.openwall.com/lists/oss-security/2025/05/16/4 url
- http://www.openwall.com/lists/oss-security/2025/05/19/1 url