Lucene search
Veracode Vulnerability DatabaseVERACODE:22022HistoryNov 27, 2019 - 3:07 a.m.
Denial Of Service (DoS)
2019-11-2703:07:47
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
EPSS
0.003
Percentile
70.5%
typed_ast is vulnerable to denial of service (DoS). The vulnerability exists through an out-of-bounds read in handle_keywordonly_args, causing the interpreter to crash if it parses but not executes Python code.
References
bugs.python.org/issue36495
github.com/python/cpython/commit/a4d78362397fc3bced6ea80fbc7b5f4827aec55e
github.com/python/cpython/commit/dcfcd146f8e6fc5c2fc16a4c192a0c5f5ca8c53c
github.com/python/typed_ast/commit/156afcb26c198e162504a57caddfe0acd9ed7dce
github.com/python/typed_ast/commit/dc317ac9cff859aa84eeabe03fb5004982545b3b
github.com/python/typed_ast/pull/99
lists.fedoraproject.org/archives/list/[email protected]/message/LG5H4Q6LFVRX7SFXLBEJMNQFI4T5SCEA/
Related
osv
osv
PYSEC-2019-130
2019-11-26 15:15:00
typed-ast Out-of-bounds Read
2019-12-02 18:02:02
CVE-2019-19274
2019-11-26 15:15:12
nvd
nvd
CVE-2019-19274
2019-11-26 15:15:12
cvelist
cvelist
CVE-2019-19274
2019-11-26 14:08:25
debiancve
debiancve
CVE-2019-19274
2019-11-26 15:15:12
prion
prion
Design/Logic Flaw
2019-11-26 15:15:00
github
github
typed-ast Out-of-bounds Read
2019-12-02 18:02:02
ubuntucve
ubuntucve
CVE-2019-19274
2019-11-26 00:00:00
cve
cve
CVE-2019-19274
2019-11-26 15:15:12
openvas
openvas
Fedora: Security Advisory for python3-typed_ast (FEDORA-2020-9b3dabc21c)
2020-03-15 00:00:00
Mageia: Security Advisory (MGASA-2020-0249)
2022-01-28 00:00:00
openSUSE: Security Advisory for python-typed-ast (openSUSE-SU-2020:0567-1)
2020-05-02 00:00:00
nessus
nessus
openSUSE Security Update : python-typed-ast (openSUSE-2020-567)
2020-05-04 00:00:00
Fedora 30 : python3-typed_ast (2020-9b3dabc21c)
2020-03-16 00:00:00
suse
suse
Security update for python-typed-ast (low)
2020-05-04 00:00:00
Security update for python-typed-ast (low)
2020-05-01 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: python3-typed_ast-1.4.0-2.fc30
2020-03-14 00:25:20
hackerone
hackerone
mageia
mageia
Updated python-typed-ast packages fix security vulnerability
2020-06-11 01:26:12