CVE-2026-5713
MEDIUM
5,3
Source: [email protected]
Attack Vector: local
Attack Complexity: high
Privileges Required: high
User Interaction: active
Confidentiality: N/A
Integrity: N/A
Availability: N/A
Description
AI Translation Available
The 'profiling.sampling' module (Python 3.15+) and 'asyncio introspection capabilities' (3.14+, 'python -m asyncio ps' and 'python -m asyncio pstree') features could be used to read and write addresses in a privileged process if that process connected to a malicious or 'infected' Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be exploited, even after the connecting process crashes with high likelihood due to ASLR.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0001
Percentile
0,0th
Updated
EPSS Score Trend (Last 2 Days)
121
Stack-based Buffer Overflow
DraftCommon Consequences
Security Scopes Affected:
Availability
Integrity
Confidentiality
Access Control
Other
Potential Impacts:
Modify Memory
Dos: Crash, Exit, Or Restart
Dos: Resource Consumption (Cpu)
Dos: Resource Consumption (Memory)
Execute Unauthorized Code Or Commands
Bypass Protection Mechanism
Other
Applicable Platforms
Languages:
C, C++, Memory-Unsafe
125
Out-of-bounds Read
DraftCommon Consequences
Security Scopes Affected:
Confidentiality
Availability
Other
Potential Impacts:
Read Memory
Bypass Protection Mechanism
Dos: Crash, Exit, Or Restart
Varies By Context
Applicable Platforms
Languages:
C, C++, Memory-Unsafe
Technologies:
ICS/OT
http://www.openwall.com/lists/oss-security/2026/04/15/6
https://github.com/python/cpython/commit/289fd2c97a7e5aecb8b69f94f5e838ccfeee7e…
https://github.com/python/cpython/issues/148178
https://github.com/python/cpython/pull/148187
https://mail.python.org/archives/list/[email protected]/thread/OG4RH…