Source: rust-pyo3
Version: 0.28.2-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi

From https://rustsec.org/advisories/RUSTSEC-2026-0176.html

> PyO3 0.24.0 added optimized implementations of Iterator::nth and
> DoubleEndedIterator::nth_back for the BoundListIterator and
> BoundTupleIterator types. These implementations computed the target
> index using unchecked usize addition (index + n) before bounds-checking
> against the sequence length, then read the element via
> get_item_unchecked.
>
> In nth methods, a sufficiently large n (combined with a non-zero
> internal index) could cause the addition to overflow and wrap around,
> producing a small "target index" that passed the bounds check and
> enabling reads at the front of the list or tuple of elements
> previously yielded by the iterator.
>
> In nth_back methods, a sufficiently large n could cause underflow in a
> similar fashion, however would instead allow reads of arbitrary memory
> past the end of the list or tuple storage.
>
> PyO3 0.29.0 has corrected these methods to use checked arithmetic at
> the positions which could be at risk of overflow.

Regards,
Salvatore
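The overflow the advisory describes, as an added example that is not PyO3's code: a simplified Rust model over a plain slice (the `RangeState` struct and the three functions are assumptions for illustration), showing the unchecked target computation beside the checked-arithmetic form the fix adopts. Safe indexing is used throughout so a wrapped index cannot read memory; only the index arithmetic and the bounds predicate are modelled.

```rust
// Added example (not PyO3's code): a simplified model of the advisory's
// index arithmetic over a plain slice, using safe indexing only.

/// Assumed iterator state: `index` is the next front position, `end` is
/// one past the last unyielded position at the back.
#[derive(Clone, Copy)]
pub struct RangeState {
    pub index: usize,
    pub end: usize,
}

/// Vulnerable pattern: the target is computed with wrapping addition
/// (what `index + n` does in a release build) before the bounds check,
/// so a huge `n` wraps to a small index that passes the check.
pub fn nth_unchecked_add(items: &[u32], st: &mut RangeState, n: usize) -> Option<u32> {
    let target = st.index.wrapping_add(n);
    if target < st.end {
        st.index = target + 1;
        return Some(items[target]); // real code used get_item_unchecked here
    }
    st.index = st.end;
    None
}

/// Fixed pattern: checked addition turns overflow into "no such element"
/// before any index is used.
pub fn nth_checked_add(items: &[u32], st: &mut RangeState, n: usize) -> Option<u32> {
    match st.index.checked_add(n) {
        Some(target) if target < st.end => {
            st.index = target + 1;
            Some(items[target])
        }
        _ => {
            st.index = st.end;
            None
        }
    }
}

/// Back end: `end - 1 - n` with wrapping subtraction wraps past zero to an
/// index that still satisfies `target >= index`, so that check alone is not
/// enough; checked subtraction rejects it before the index exists.
pub fn nth_back_target(st: &RangeState, n: usize, checked: bool) -> Option<usize> {
    let target = if checked {
        st.end.checked_sub(1)?.checked_sub(n)?
    } else {
        st.end.wrapping_sub(1).wrapping_sub(n)
    };
    (target >= st.index).then_some(target)
}
```

With five elements and a front index of 3, `n = usize::MAX - 1` wraps the unchecked target to 1 and returns the already-yielded second element, while the checked version reports exhaustion; for the back end, `n = usize::MAX` wraps the unchecked target to 5, one past the storage.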

