Guido van Rossum - Security Researcher - Exploit Intelligence Platform

CVE-2019-19274 WRITEUP HIGH WRITEUP

typed_ast <1.3.2 - Memory Corruption

typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.)

CVSS 7.5

View Code

CVE-2019-19274 WRITEUP HIGH WRITEUP

typed_ast <1.3.2 - Memory Corruption

typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.)

CVSS 7.5

View Code

CVE-2019-19275 WRITEUP HIGH WRITEUP

typed_ast 1.3.0-1.3.1 - Out-of-bounds Read in ast_for_arguments

typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.)

CVSS 7.5

View Code

CVE-2019-19275 WRITEUP HIGH WRITEUP

typed_ast 1.3.0-1.3.1 - Out-of-bounds Read in ast_for_arguments

typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.)

CVSS 7.5

View Code