CVE-2026-5713

EPSS 0.02%
Veröffentlicht 14.04.2026 15:11:51
Zuletzt bearbeitet 17.04.2026 15:11:35
Quelle cna@python.org
CVE-Watchlists
Login
Unerledigt
Login

Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target

The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree") features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be exploited, even after the connecting process crashes with high likelihood due to ASLR.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 8

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerPython Software Foundation

≫

Produkt CPython

Default Statusunaffected

Version 3.14.0

Version < 3.15.0

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.05

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@python.org	5.3	0	0	CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://github.com/python/cpython/pull/148187

https://github.com/python/cpython/issues/148178

https://github.com/python/cpython/commit/289fd2c97a7e5aecb8b69f94f5e838ccfeee7e67

https://mail.python.org/archives/list/security-announce@python.org/thread/OG4RHARYSNIE22GGOMVMCRH76L5HKPLM/

http://www.openwall.com/lists/oss-security/2026/04/15/6

https://nvd.nist.gov/vuln/detail/CVE-2026-5713

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-5713

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-5713

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-5713