UBUNTU-CVE-2026-57585

Source
https://ubuntu.com/security/CVE-2026-57585
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-57585.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-57585
Upstream
Published
2026-06-30T22:16:00Z
Modified
2026-07-01T23:43:25.736394776Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an Out-of-bounds read/crash on Unpacker reuse after a caught error, potentially leading to a DoS attack. If the Unpacker is used repeatedly after an error occurs, the process may crash with a SEGV. This issue has been fixed in version 1.2.1.

References

Affected packages

Ubuntu:18.04:LTS
python-msgpack

Package

Name
python-msgpack
Purl
pkg:deb/ubuntu/python-msgpack?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.5.4-0ubuntu2
0.5.6-0ubuntu1
0.5.6-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python-msgpack",
            "binary_version": "0.5.6-1"
        },
        {
            "binary_name": "python3-msgpack",
            "binary_version": "0.5.6-1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-57585.json"
Ubuntu:20.04:LTS
python-msgpack

Package

Name
python-msgpack
Purl
pkg:deb/ubuntu/python-msgpack?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.5.6-1build2
0.5.6-1ubuntu1
0.5.6-2
0.5.6-3
0.5.6-3build1
0.6.2-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-msgpack",
            "binary_version": "0.6.2-1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-57585.json"
Ubuntu:22.04:LTS
python-msgpack

Package

Name
python-msgpack
Purl
pkg:deb/ubuntu/python-msgpack?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.0.0-6build1
1.0.0-6build2
1.0.2-2
1.0.3-1
1.0.3-1build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-msgpack",
            "binary_version": "1.0.3-1build1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-57585.json"
Ubuntu:24.04:LTS
python-msgpack

Package

Name
python-msgpack
Purl
pkg:deb/ubuntu/python-msgpack?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.0.3-3
1.0.3-3build1
1.0.3-3build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-msgpack",
            "binary_version": "1.0.3-3build2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-57585.json"
python-srsly

Package

Name
python-srsly
Purl
pkg:deb/ubuntu/python-srsly?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.4.5-1build1
2.4.5-1build2
2.4.5-1ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-srsly",
            "binary_version": "2.4.5-1ubuntu1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-57585.json"
Ubuntu:25.10
python-msgpack

Package

Name
python-msgpack
Purl
pkg:deb/ubuntu/python-msgpack?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.0.3-3build4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-msgpack",
            "binary_version": "1.0.3-3build4"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-57585.json"
python-pip

Package

Name
python-pip
Purl
pkg:deb/ubuntu/python-pip?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

25.*
25.0+dfsg-1
25.1.1+dfsg-1
25.1.1+dfsg-1ubuntu1
25.1.1+dfsg-1ubuntu2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-pip",
            "binary_version": "25.1.1+dfsg-1ubuntu2"
        },
        {
            "binary_name": "python3-pip-whl",
            "binary_version": "25.1.1+dfsg-1ubuntu2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-57585.json"
python-srsly

Package

Name
python-srsly
Purl
pkg:deb/ubuntu/python-srsly?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.5.1-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-srsly",
            "binary_version": "2.5.1-1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-57585.json"
Ubuntu:26.04:LTS
python-msgpack

Package

Name
python-msgpack
Purl
pkg:deb/ubuntu/python-msgpack?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.0.3-3build4
1.0.3-3build5
1.1.2-1
1.1.2-2
1.1.2-2build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-msgpack",
            "binary_version": "1.1.2-2build1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-57585.json"
python-srsly

Package

Name
python-srsly
Purl
pkg:deb/ubuntu/python-srsly?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.5.1-1
2.5.2-2
2.5.2-2build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-srsly",
            "binary_version": "2.5.2-2build1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-57585.json"
Ubuntu:Pro:14.04:LTS
python-pip

Package

Name
python-pip
Purl
pkg:deb/ubuntu/python-pip?arch=source&distro=esm-infra-legacy%2Ftrusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.4.1-2
1.5.4-1
1.5.4-1ubuntu1
1.5.4-1ubuntu3
1.5.4-1ubuntu4
1.5.4-1ubuntu4+esm1
1.5.4-1ubuntu4+esm2
1.5.4-1ubuntu4+esm3
1.5.4-1ubuntu4+esm4
1.5.4-1ubuntu4+esm5

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python-pip",
            "binary_version": "1.5.4-1ubuntu4+esm5"
        },
        {
            "binary_name": "python-pip-whl",
            "binary_version": "1.5.4-1ubuntu4+esm5"
        },
        {
            "binary_name": "python3-pip",
            "binary_version": "1.5.4-1ubuntu4+esm5"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-57585.json"
Ubuntu:Pro:16.04:LTS
python-pip

Package

Name
python-pip
Purl
pkg:deb/ubuntu/python-pip?arch=source&distro=esm-apps%2Fxenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.5.6-7ubuntu1
1.5.6-7ubuntu2
8.*
8.0.2-7
8.0.3-1
8.0.3-2
8.1.0-1
8.1.0-2
8.1.1-1
8.1.1-2
8.1.1-2ubuntu0.1
8.1.1-2ubuntu0.2
8.1.1-2ubuntu0.4
8.1.1-2ubuntu0.6
8.1.1-2ubuntu0.6+esm2
8.1.1-2ubuntu0.6+esm3
8.1.1-2ubuntu0.6+esm4
8.1.1-2ubuntu0.6+esm5
8.1.1-2ubuntu0.6+esm6
8.1.1-2ubuntu0.6+esm8
8.1.1-2ubuntu0.6+esm10
8.1.1-2ubuntu0.6+esm11
8.1.1-2ubuntu0.6+esm12

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python-pip",
            "binary_version": "8.1.1-2ubuntu0.6+esm12"
        },
        {
            "binary_name": "python-pip-whl",
            "binary_version": "8.1.1-2ubuntu0.6+esm12"
        },
        {
            "binary_name": "python3-pip",
            "binary_version": "8.1.1-2ubuntu0.6+esm12"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-57585.json"
Ubuntu:Pro:18.04:LTS
python-pip

Package

Name
python-pip
Purl
pkg:deb/ubuntu/python-pip?arch=source&distro=esm-apps%2Fbionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

9.*
9.0.1-2
9.0.1-2.3~ubuntu1
9.0.1-2.3~ubuntu1.18.04.1
9.0.1-2.3~ubuntu1.18.04.2
9.0.1-2.3~ubuntu1.18.04.3
9.0.1-2.3~ubuntu1.18.04.4
9.0.1-2.3~ubuntu1.18.04.5
9.0.1-2.3~ubuntu1.18.04.5+esm2
9.0.1-2.3~ubuntu1.18.04.5+esm3
9.0.1-2.3~ubuntu1.18.04.6
9.0.1-2.3~ubuntu1.18.04.6+esm1
9.0.1-2.3~ubuntu1.18.04.7
9.0.1-2.3~ubuntu1.18.04.7+esm1
9.0.1-2.3~ubuntu1.18.04.8
9.0.1-2.3~ubuntu1.18.04.8+esm1
9.0.1-2.3~ubuntu1.18.04.8+esm2
9.0.1-2.3~ubuntu1.18.04.8+esm4
9.0.1-2.3~ubuntu1.18.04.8+esm6
9.0.1-2.3~ubuntu1.18.04.8+esm7
9.0.1-2.3~ubuntu1.18.04.8+esm8

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python-pip",
            "binary_version": "9.0.1-2.3~ubuntu1.18.04.8+esm8"
        },
        {
            "binary_name": "python-pip-whl",
            "binary_version": "9.0.1-2.3~ubuntu1.18.04.8+esm8"
        },
        {
            "binary_name": "python3-pip",
            "binary_version": "9.0.1-2.3~ubuntu1.18.04.8+esm8"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-57585.json"
Ubuntu:Pro:20.04:LTS
python-pip

Package

Name
python-pip
Purl
pkg:deb/ubuntu/python-pip?arch=source&distro=esm-apps%2Ffocal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

18.*
18.1-5
18.1-5build1
18.1-5ubuntu1
20.*
20.0.2-2
20.0.2-4
20.0.2-5
20.0.2-5ubuntu1
20.0.2-5ubuntu1.1
20.0.2-5ubuntu1.3
20.0.2-5ubuntu1.4
20.0.2-5ubuntu1.5
20.0.2-5ubuntu1.6
20.0.2-5ubuntu1.7
20.0.2-5ubuntu1.8
20.0.2-5ubuntu1.9
20.0.2-5ubuntu1.10
20.0.2-5ubuntu1.10+esm2
20.0.2-5ubuntu1.11
20.0.2-5ubuntu1.11+esm2
20.0.2-5ubuntu1.11+esm3
20.0.2-5ubuntu1.11+esm4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python-pip-whl",
            "binary_version": "20.0.2-5ubuntu1.11+esm4"
        },
        {
            "binary_name": "python3-pip",
            "binary_version": "20.0.2-5ubuntu1.11+esm4"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-57585.json"
Ubuntu:Pro:22.04:LTS
python-pip

Package

Name
python-pip
Purl
pkg:deb/ubuntu/python-pip?arch=source&distro=esm-apps%2Fjammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

20.*
20.3.4-4
21.*
21.3.1+dfsg-3
22.*
22.0.2+dfsg-1
22.0.2+dfsg-1ubuntu0.1
22.0.2+dfsg-1ubuntu0.2
22.0.2+dfsg-1ubuntu0.3
22.0.2+dfsg-1ubuntu0.4
22.0.2+dfsg-1ubuntu0.5
22.0.2+dfsg-1ubuntu0.6
22.0.2+dfsg-1ubuntu0.7
22.0.2+dfsg-1ubuntu0.7+esm1
22.0.2+dfsg-1ubuntu0.7+esm2
22.0.2+dfsg-1ubuntu0.7+esm3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-pip",
            "binary_version": "22.0.2+dfsg-1ubuntu0.7+esm3"
        },
        {
            "binary_name": "python3-pip-whl",
            "binary_version": "22.0.2+dfsg-1ubuntu0.7+esm3"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-57585.json"
Ubuntu:Pro:24.04:LTS
python-pip

Package

Name
python-pip
Purl
pkg:deb/ubuntu/python-pip?arch=source&distro=esm-apps%2Fnoble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

23.*
23.2+dfsg-1
23.3+dfsg-1
24.*
24.0+dfsg-1
24.0+dfsg-1ubuntu1
24.0+dfsg-1ubuntu1.1
24.0+dfsg-1ubuntu1.2
24.0+dfsg-1ubuntu1.3
24.0+dfsg-1ubuntu1.3+esm1
24.0+dfsg-1ubuntu1.3+esm2
24.0+dfsg-1ubuntu1.3+esm3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-pip",
            "binary_version": "24.0+dfsg-1ubuntu1.3+esm3"
        },
        {
            "binary_name": "python3-pip-whl",
            "binary_version": "24.0+dfsg-1ubuntu1.3+esm3"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-57585.json"
Ubuntu:Pro:26.04:LTS
python-pip

Package

Name
python-pip
Purl
pkg:deb/ubuntu/python-pip?arch=source&distro=esm-apps%2Fresolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

25.*
25.1.1+dfsg-1ubuntu2
25.1.1+dfsg-1ubuntu2+esm1
25.1.1+dfsg-1ubuntu2+esm2
25.1.1+dfsg-1ubuntu2+esm3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-pip",
            "binary_version": "25.1.1+dfsg-1ubuntu2+esm3"
        },
        {
            "binary_name": "python3-pip-whl",
            "binary_version": "25.1.1+dfsg-1ubuntu2+esm3"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-57585.json"