CVE Reports

Posted on • Originally published at cvereports.com

GHSA-chgr-c6px-7xpp: Thread-Safety Data Race in PyO3 Closure Wrapping

Vulnerability ID: GHSA-CHGR-C6PX-7XPP
CVSS Score: 5.9
Published: 2026-06-12

A thread-safety vulnerability exists in the PyO3 library versions prior to 0.29.0 due to a missing Sync trait bound on closure type parameters. This omission allows safe Rust code to register non-thread-safe closures as Python callables, leading to concurrent shared mutation and data races during multithreaded execution.

TL;DR

Missing Sync bound in PyO3 allows thread-unsafe closures (capturing Cell or RefCell) to compile, resulting in data races and memory corruption when concurrently executed by Python threads.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization)
  • Attack Vector: Network
  • Attack Complexity: High
  • CVSS v4.0 Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
  • EPSS Score: N/A
  • Exploit Status: Proof of Concept
  • KEV Status: Not Listed

Affected Systems

  • pyo3 crate
  • Rust-Python applications utilizing PyO3 closures
  • pyo3: >= 0.15.0, < 0.29.0 (Fixed in: 0.29.0)

Mitigation Strategies

  • Upgrade pyo3 dependency to version 0.29.0 or higher.
  • Replace non-Sync types like Cell and RefCell inside closures with thread-safe types like Mutex, RwLock, or atomic integers.
  • Audit all calls to PyCFunction::new_closure and PyCFunction::new_closure_bound to verify compile-time validation.

Remediation Steps:

  1. Open the Cargo.toml file of your Rust project.
  2. Locate the pyo3 dependency entry.
  3. Update the pyo3 version to 0.29.0 or later: pyo3 = { version = "0.29.0" }.
  4. Run cargo build so the compiler re-checks the trait bounds on every closure passed to PyO3.
  5. Address any compilation errors caused by non-Sync types (such as Cell or RefCell) captured inside closures by replacing them with thread-safe alternatives.
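The replacement the advisory asks for, as an added example in plain Rust that is not code from the advisory or from PyO3: `register_callable` is a hypothetical stand-in for a closure-registration API carrying the fixed `Send + Sync` bound, and the closure state is moved from `Cell`/`RefCell` to `AtomicU64` and `Mutex`, then exercised from several OS threads standing in for Python threads.

```rust
use std::sync::atomic::{AtomicU64, Ordering};
use std::sync::{Arc, Mutex};
use std::thread;
// Hypothetical stand-in for a closure-registration API with the fixed bound
// (not PyO3's real signature): `F: Sync` is required because any Python
// thread may invoke the resulting callable concurrently.
fn register_callable<F>(f: F) -> Arc<dyn Fn() -> u64 + Send + Sync>
where
    F: Fn() -> u64 + Send + Sync + 'static,
{
    Arc::new(f)
}
// Simulates `threads` Python threads each calling the callable `calls` times.
fn call_concurrently(callable: Arc<dyn Fn() -> u64 + Send + Sync>, threads: usize, calls: usize) {
    let workers: Vec<_> = (0..threads)
        .map(|_| {
            let c = Arc::clone(&callable);
            thread::spawn(move || (0..calls).for_each(|_| { c(); }))
        })
        .collect();
    for w in workers {
        w.join().expect("worker panicked");
    }
}
// Counter with thread-safe state. Under the vulnerable bound the closure could
// capture `Cell<u64>` and do `counter.set(counter.get() + 1)`, an unsynchronized
// read-modify-write; the `Sync` bound rejects that because `Cell` is `!Sync`.
pub fn atomic_counter(threads: usize, calls: usize) -> u64 {
    let counter = Arc::new(AtomicU64::new(0));
    let state = Arc::clone(&counter);
    let callable = register_callable(move || state.fetch_add(1, Ordering::SeqCst) + 1);
    call_concurrently(callable, threads, calls);
    counter.load(Ordering::SeqCst)
}
// A `RefCell<Vec<_>>`-style accumulator rewritten around `Mutex`, the other
// replacement the advisory recommends; returns the number of recorded calls.
pub fn mutex_log(threads: usize, calls: usize) -> usize {
    let log = Arc::new(Mutex::new(Vec::new()));
    let state = Arc::clone(&log);
    let callable = register_callable(move || {
        let mut entries = state.lock().expect("mutex poisoned");
        let next = entries.len() as u64 + 1;
        entries.push(next);
        next
    });
    call_concurrently(callable, threads, calls);
    let recorded = log.lock().expect("mutex poisoned").len();
    recorded
}
```

With both helpers every call is accounted for regardless of how the threads interleave, which is exactly the property the `Cell`-backed version cannot guarantee.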

Read the full report for GHSA-CHGR-C6PX-7XPP on our website for more details including interactive diagrams and full exploit analysis.
