CVE-2025-4516

There is an issue in CPython when using bytes.decode("unicode_escape", error="ignore|replace"). If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/4xxx/CVE-2025-4516.json",
    "cna_assigner": "PSF",
    "cwe_ids": [
        "CWE-416"
    ]
}

References

Affected packages

Git / github.com/python/cpython

Affected ranges

Type

GIT

Repo

https://github.com/python/cpython

Events

Introduced

deaf509e8fc6e0363bd6f26d52ad42f976ec42f2

Introduced

0fb18b02c8ad56299d6a2910be0bab8ad601ef24

Introduced

60403a5409ff2c3f3b07dd2ca91a7a3e096839c7

Introduced

b092705907c758d4f9742028652c9802f9f03dd3

Fixed

88663ef89ba3576df02cc818c653f91c7d5dd023

Fixed

498b971ea3673012a1d4b21860b229d55fc6e575

Fixed

55fee9cf216abe4ec0d1139f94b1930fbd0c7644

Fixed

8a526ec7cbea8fafc9dae4b3dd6371906b9be342

Fixed

12d3f883ae8aa6297a575511b14fa1e82248427d

Fixed

4398b788ffc1f954a2c552da285477d42a571292

Fixed

6279eb8c076d89d3739a6edb393e43c7929b429d

Fixed

69b4387f78f413e8c47572a85b3478c47eba8142

Fixed

73b3040f592436385007918887b7e2132aa8431f

Fixed

8d35fd1b34935221aff23a1ab69a429dd156be77

Fixed

9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e

Fixed

ab9893c40609935e0d40a6d2a7307ea51aec598b

Database specific

{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.10.18"
        },
        {
            "introduced": "3.11.0"
        },
        {
            "fixed": "3.11.13"
        },
        {
            "introduced": "3.12.0"
        },
        {
            "fixed": "3.12.11"
        },
        {
            "introduced": "3.13.0"
        },
        {
            "fixed": "3.13.4"
        },
        {
            "introduced": "3.14.0a1"
        },
        {
            "fixed": "3.14.0b2"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ]
}

Affected versions

v0.*

v0.9.8

v0.9.9

v1.*

v1.0.1

v1.0.2

v1.1

v1.1.1

v1.2

v1.2b1

v1.2b2

v1.2b3

v1.2b4

v1.3

v1.3b1

v1.4

v1.4b1

v1.4b2

v1.4b3

v1.5

v1.5.1

v1.5.2

v1.5.2a1

v1.5.2a2

v1.5.2b1

v1.5.2b2

v1.5.2c1

v1.5a1

v1.5a2

v1.5a3

v1.5a4

v1.5b1

v1.5b2

v1.6a1

v1.6a2

v2.*

v2.0

v2.0b1

v2.0b2

v2.0c1

v2.1

v2.1a1

v2.1a2

v2.1b1

v2.1b2

v2.1c1

v2.1c2

v2.2a3

v2.3c1

v2.3c2

v2.4

v2.4a1

v2.4a2

v2.4a3

v2.4b1

v2.4b2

v2.4c1

v3.*

v3.0a1

v3.0a2

v3.0a3

v3.0a4

v3.0a5

v3.0b1

v3.0b2

v3.0b3

v3.0rc1

v3.0rc2

v3.0rc3

v3.1

v3.10.0a1

v3.10.0a7

v3.10.0b1

v3.10.0b2

v3.10.0b3

v3.10.0b4

v3.10.0rc1

v3.10.0rc2

v3.10.1

v3.10.10

v3.10.11

v3.10.12

v3.10.13

v3.10.14

v3.10.15

v3.10.16

v3.10.17

v3.10.2

v3.10.3

v3.10.4

v3.10.5

v3.10.6

v3.10.7

v3.10.8

v3.10.9

v3.11.0a3

v3.11.0a4

v3.11.0a5

v3.11.0a6

v3.11.0a7

v3.11.0b1

v3.11.0b2

v3.11.0b3

v3.11.0b4

v3.11.0b5

v3.11.0rc1

v3.11.0rc2

v3.11.1

v3.11.10

v3.11.11

v3.11.12

v3.11.2

v3.11.3

v3.11.4

v3.11.5

v3.11.6

v3.11.7

v3.11.8

v3.11.9

v3.12.0

v3.12.1

v3.12.10

v3.12.2

v3.12.3

v3.12.4

v3.12.5

v3.12.6

v3.12.7

v3.12.8

v3.12.9

v3.13.0

v3.13.1

v3.13.2

v3.13.3

v3.14.0b1

v3.1a1

v3.1a2

v3.1b1

v3.1rc1

v3.1rc2

v3.2a1

v3.2a2

v3.2a3

v3.2a4

v3.2b1

v3.2b2

v3.2rc1

v3.2rc2

v3.2rc3

v3.3.0a2

v3.3.0a3

v3.3.0a4

v3.3.0b1

v3.3.0b2

v3.3.0rc1

v3.3.0rc2

v3.3.0rc3

v3.4.0a1

v3.4.0a2

v3.4.0a3

v3.4.0a4

v3.4.0b1

v3.4.0b2

v3.4.0b3

v3.5.0a1

v3.5.0a2

v3.5.0a3

v3.5.0a4

v3.5.0b1

v3.6.0a3

v3.6.0b1

v3.7.0a2

v3.9.0a2

v3.9.0b1

v3.9.0b3

v3.9.0b5

v3.9.11

v3.9.12

v3.9.13

v3.9.14

v3.9.15

v3.9.16

v3.9.17

v3.9.18

v3.9.19

v3.9.2

v3.9.20

v3.9.21

v3.9.22

v3.9.2rc1

v3.9.5

v3.9.6

v3.9.7

v3.9.8

v3.9.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-4516.json"