CVE - CVE-2019-19275

CVE-ID
CVE-2019-19275	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.)
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
FEDORA:FEDORA-2020-9b3dabc21c URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LG5H4Q6LFVRX7SFXLBEJMNQFI4T5SCEA/ MISC:https://bugs.python.org/issue36495 MISC:https://github.com/python/cpython/commit/a4d78362397fc3bced6ea80fbc7b5f4827aec55e MISC:https://github.com/python/cpython/commit/dcfcd146f8e6fc5c2fc16a4c192a0c5f5ca8c53c MISC:https://github.com/python/typed_ast/commit/156afcb26c198e162504a57caddfe0acd9ed7dce MISC:https://github.com/python/typed_ast/commit/dc317ac9cff859aa84eeabe03fb5004982545b3b
Assigning CNA
MITRE Corporation
Date Record Created
20191126	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20191126)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)