MEDIUM 6.5
PYSEC-2026-1450
hnswlib Double Free vulnerability
Details
Hnswlib 0.7.0 has a double free in `init_index` when the M argument is a large integer.
Are you affected?
Enter the version of the package you're using.
Affected packages
References
- https://nvd.nist.gov/vuln/detail/CVE-2023-37365 [ADVISORY]
- https://github.com/nmslib/hnswlib/issues/467 [WEB]
- https://github.com/nmslib/hnswlib/pull/484 [WEB]
- https://github.com/nmslib/hnswlib/commit/f6d170ce0b41f9e75ace473b09df6e7872590757 [WEB]
- https://github.com/nmslib/hnswlib [PACKAGE]
- https://pypi.org/project/hnswlib [PACKAGE]
- https://github.com/advisories/GHSA-xwc8-rf6m-xr86 [ADVISORY]