Bugzilla – Bug 1161563
VUL-1: CVE-2019-19275: python-typed-ast: out-of-bounds read could crash Python interpreter
Last modified: 2020-05-04 13:29:20 UTC
CVE-2019-19275 typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.) References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19275 http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19275.html https://github.com/python/cpython/commit/a4d78362397fc3bced6ea80fbc7b5f4827aec55e https://github.com/python/cpython/commit/dcfcd146f8e6fc5c2fc16a4c192a0c5f5ca8c53c https://github.com/python/typed_ast/commit/156afcb26c198e162504a57caddfe0acd9ed7dce https://github.com/python/typed_ast/commit/dc317ac9cff859aa84eeabe03fb5004982545b3b http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19275 https://bugs.python.org/issue36495
http://build.opensuse.org/request/show/769259
Request got accepted
This is an autogenerated message for OBS integration: This bug (1161563) was mentioned in https://build.opensuse.org/request/show/778550 15.1 / python-typed-ast
openSUSE-SU-2020:0567-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (low) Bug References: 1161562,1161563,1163532 CVE References: CVE-2019-19274,CVE-2019-19275 Sources used: openSUSE Leap 15.1 (src): python-typed-ast-1.3.1-lp151.2.6.1
openSUSE-SU-2020:0609-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (low) Bug References: 1161562,1161563,1163532 CVE References: CVE-2019-19274,CVE-2019-19275 Sources used: openSUSE Backports SLE-15-SP1 (src): python-typed-ast-1.3.1-bp151.2.6.1