Lucene search
Veracode Vulnerability DatabaseVERACODE:22024HistoryNov 27, 2019 - 8:05 a.m.
Denial Of Service (DoS)
2019-11-2708:05:47
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
EPSS
0.003
Percentile
70.5%
typed_ast is vulnerable to denial of service (DoS). The attack is possible because of an out-of-bounds array read occured in ast_for_arguments functions in Python/ast.c when an index variable is incremented, causing an application crash.
References
bugs.python.org/issue36495
github.com/python/cpython/commit/a4d78362397fc3bced6ea80fbc7b5f4827aec55e
github.com/python/cpython/commit/dcfcd146f8e6fc5c2fc16a4c192a0c5f5ca8c53c
github.com/python/typed_ast/commit/156afcb26c198e162504a57caddfe0acd9ed7dce
github.com/python/typed_ast/commit/dc317ac9cff859aa84eeabe03fb5004982545b3b
lists.fedoraproject.org/archives/list/[email protected]/message/LG5H4Q6LFVRX7SFXLBEJMNQFI4T5SCEA/
Related
cvelist
cvelist
CVE-2019-19275
2019-11-26 14:08:17
github
github
typed-ast Out-of-bounds Read
2019-12-02 18:03:09
osv
osv
CVE-2019-19275
2019-11-26 15:15:12
PYSEC-2019-131
2019-11-26 15:15:00
typed-ast Out-of-bounds Read
2019-12-02 18:03:09
ubuntucve
ubuntucve
CVE-2019-19275
2019-11-26 00:00:00
prion
prion
Design/Logic Flaw
2019-11-26 15:15:00
cve
cve
CVE-2019-19275
2019-11-26 15:15:12
debiancve
debiancve
CVE-2019-19275
2019-11-26 15:15:12
veracode
veracode
Denial Of Service (DoS)
2020-01-24 01:55:40
nvd
nvd
CVE-2019-19275
2019-11-26 15:15:12
nessus
nessus
openSUSE Security Update : python-typed-ast (openSUSE-2020-567)
2020-05-04 00:00:00
Fedora 30 : python3-typed_ast (2020-9b3dabc21c)
2020-03-16 00:00:00
suse
suse
Security update for python-typed-ast (low)
2020-05-04 00:00:00
Security update for python-typed-ast (low)
2020-05-01 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: python3-typed_ast-1.4.0-2.fc30
2020-03-14 00:25:20
hackerone
hackerone
mageia
mageia
Updated python-typed-ast packages fix security vulnerability
2020-06-11 01:26:12
openvas
openvas
Fedora: Security Advisory for python3-typed_ast (FEDORA-2020-9b3dabc21c)
2020-03-15 00:00:00
Mageia: Security Advisory (MGASA-2020-0249)
2022-01-28 00:00:00
openSUSE: Security Advisory for python-typed-ast (openSUSE-SU-2020:0567-1)
2020-05-02 00:00:00