Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target
Summary
| CVE | CVE-2026-5713 |
|---|---|
| State | PUBLISHED |
| Assigner | PSF |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-04-14 16:16:48 UTC |
| Updated | 2026-04-15 18:17:24 UTC |
| Description | The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree") features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be exploited, even after the connecting process crashes with high likelihood due to ASLR. |
Risk And Classification
Primary CVSS: v4.0 5.3 MEDIUM from [email protected]
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Problem Types: CWE-121 | CWE-125 | CWE-121 CWE-121 Stack-based buffer overflow | CWE-125 CWE-125 Out-of-bounds read
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | [email protected] | Secondary | 5.3 | MEDIUM | CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/C... |
| 4.0 | CNA | CVSS | 5.3 | MEDIUM | CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
CVSS v4.0 Breakdown
Attack Vector
LocalAttack Complexity
HighAttack Requirements
PresentPrivileges Required
HighUser Interaction
ActiveConfidentiality
HighIntegrity
HighAvailability
NoneSub Conf.
NoneSub Integrity
NoneSub Availability
NoneCVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Python Software Foundation | CPython | affected 3.14.0 3.15.0 python | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| github.com/python/cpython/pull/148187 | [email protected] | github.com | |
| github.com/python/cpython/issues/148178 | [email protected] | github.com | |
| mail.python.org/archives/list/[email protected]/thread/OG4RHARYSNI... | [email protected] | mail.python.org | |
| github.com/python/cpython/commit/289fd2c97a7e5aecb8b69f94f5e838ccfeee7e67 | [email protected] | github.com | |
| www.openwall.com/lists/oss-security/2026/04/15/6 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Nicholas Gould (https://github.com/gouldnicholas) (en)
CNA: Pablo Galindo Salgado (en)
CNA: Pablo Galindo Salgado (en)
There are currently no legacy QID mappings associated with this CVE.