{"id":"CVE-2026-5713","summary":"Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target","details":"The \"profiling.sampling\" module (Python 3.15+) and \"asyncio introspection capabilities\" (3.14+, \"python -m asyncio ps\" and \"python -m asyncio pstree\") features could be used to read and write addresses in a privileged process if that process connected to a malicious or \"infected\" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be exploited, even after the connecting process crashes with high likelihood due to ASLR.","aliases":["BIT-libpython-2026-5713","BIT-python-2026-5713","BIT-python-min-2026-5713","PSF-2026-19"],"modified":"2026-06-18T15:14:27.925282Z","published":"2026-04-14T15:11:51.122Z","related":["ALSA-2026:19019","ALSA-2026:19176","openSUSE-SU-2026:10648-1"],"database_specific":{"cwe_ids":["CWE-121","CWE-125"],"cna_assigner":"PSF","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/5xxx/CVE-2026-5713.json"},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2026/04/15/6"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/5xxx/CVE-2026-5713.json"},{"type":"ADVISORY","url":"https://mail.python.org/archives/list/security-announce@python.org/thread/OG4RHARYSNIE22GGOMVMCRH76L5HKPLM/"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-5713"},{"type":"REPORT","url":"https://github.com/python/cpython/issues/148178"},{"type":"FIX","url":"https://github.com/python/cpython/commit/289fd2c97a7e5aecb8b69f94f5e838ccfeee7e67"},{"type":"FIX","url":"https://github.com/python/cpython/commit/316f6265b7f9ca4ffed5346b747475ef1943f35d"},{"type":"FIX","url":"https://github.com/python/cpython/pull/148187"},{"type":"PACKAGE","url":"https://github.com/python/cpython"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"introduced":"ebf955df7a89ed0c7968f79faec1de49f61ed7cb"},{"introduced":"f31a89bb901067dd105b00cfa90523cf7ffdbbdd"},{"fixed":"5607950ef232dad16d75c0cf53101d9649d89115"},{"fixed":"f31a89bb901067dd105b00cfa90523cf7ffdbbdd"},{"fixed":"289fd2c97a7e5aecb8b69f94f5e838ccfeee7e67"},{"fixed":"316f6265b7f9ca4ffed5346b747475ef1943f35d"}],"database_specific":{"extracted_events":[{"introduced":"3.14.0"},{"fixed":"3.14.5"},{"introduced":"3.15.0a1"},{"fixed":"3.15.0b1"}],"source":["AFFECTED_FIELD","REFERENCES"]}}],"versions":["v3.14.5rc1","v3.14.4","v3.15.0a8","v3.15.0a7","v3.15.0a6","v3.14.3","v3.15.0a5","v3.15.0a4","v3.15.0a3","v3.14.2","v3.14.1","v3.15.0a2","v3.15.0a1","v3.14.0","v3.14.0b1","v3.14.0a7","v3.14.0a6","v3.14.0a5","v3.14.0a4","v3.14.0a3","v3.14.0a2","v3.14.0a1","v3.13.0b1","v3.13.0a6","v3.13.0a5","v3.13.0a4","v3.13.0a3","v3.13.0a2","v3.13.0a1","v3.12.0b1","v3.12.0a7","v3.12.0a6","v3.12.0a5","v3.12.0a4","v3.12.0a3","v3.12.0a2","v3.12.0a1","v3.11.0b1","v3.11.0a7","v3.11.0a6","v3.11.0a5","v3.11.0a4","v3.11.0a3","v3.10.0a7","v3.10.0a1","v3.9.0a2","v3.7.0a2","v3.6.0b1","v3.6.0a3","v3.5.0b1","v3.5.0a4","v3.5.0a3","v3.5.0a2","v3.5.0a1","v3.4.0b3","v3.4.0b2","v3.4.0b1","v3.4.0a4","v3.4.0a3","v3.4.0a2","v3.4.0a1","v3.3.0rc3","v3.3.0rc2","v3.3.0rc1","v3.3.0b2","v3.3.0b1","v3.3.0a4","v3.3.0a3","v3.3.0a2","v3.2rc3","v3.2rc2","v3.2rc1","v3.2b2","v3.2b1","v3.2a4","v3.2a3","v3.2a2","v3.2a1","v3.1","v3.1rc2","v3.1rc1","v3.1b1","v3.1a2","v3.1a1","v3.0rc3","v3.0rc2","v3.0rc1","v3.0b3","v3.0b2","v3.0b1","v3.0a5","v3.0a4","v3.0a3","v3.0a2","v3.0a1","v2.4","v2.4c1","v2.4b2","v2.4b1","v2.4a3","v2.4a2","v2.4a1","v2.3c2","v2.3c1","v2.2a3","v2.1","v2.1c2","v2.1c1","v2.1b2","v2.1b1","v2.1a2","v2.1a1","v2.0","v2.0c1","v2.0b2","v2.0b1","v1.6a2","v1.6a1","v1.5.2","v1.5.2c1","v1.5.2b2","v1.5.2b1","v1.5.2a2","v1.5.2a1","v1.5.1","v1.5","v1.5b2","v1.5b1","v1.5a4","v1.5a3","v1.5a2","v1.5a1","v1.4","v1.4b3","v1.4b2","v1.4b1","v1.3","v1.3b1","v1.2","v1.2b4","v1.2b3","v1.2b2","v1.2b1","v1.1.1","v1.1","v1.0.2","v1.0.1","v0.9.9","v0.9.8"],"database_specific":{"vanir_signatures_modified":"2026-06-18T15:14:27Z","vanir_signatures":[{"signature_type":"Function","digest":{"function_hash":"122592924793283420928162209528572817026","length":434},"signature_version":"v1","target":{"file":"Modules/_remote_debugging_module.c","function":"read_async_debug"},"deprecated":false,"source":"https://github.com/python/cpython/commit/316f6265b7f9ca4ffed5346b747475ef1943f35d","id":"CVE-2026-5713-11893e5e"},{"signature_type":"Function","digest":{"function_hash":"36480780066444008084315036051470167371","length":451},"signature_version":"v1","target":{"file":"Modules/_remote_debugging_module.c","function":"find_frame_in_chunks"},"deprecated":false,"source":"https://github.com/python/cpython/commit/316f6265b7f9ca4ffed5346b747475ef1943f35d","id":"CVE-2026-5713-266e0e3e"},{"signature_type":"Function","digest":{"function_hash":"23673001623472090632997526213511537353","length":2320},"signature_version":"v1","target":{"file":"Modules/_remote_debugging_module.c","function":"_remote_debugging_RemoteUnwinder___init___impl"},"deprecated":false,"source":"https://github.com/python/cpython/commit/316f6265b7f9ca4ffed5346b747475ef1943f35d","id":"CVE-2026-5713-5aa714b8"},{"signature_type":"Function","digest":{"function_hash":"245981505972492190890653013322972258791","length":427},"signature_version":"v1","target":{"file":"Modules/_remote_debugging/asyncio.c","function":"read_async_debug"},"deprecated":false,"source":"https://github.com/python/cpython/commit/289fd2c97a7e5aecb8b69f94f5e838ccfeee7e67","id":"CVE-2026-5713-675f38c1"},{"signature_type":"Function","digest":{"function_hash":"336267078754507233895692800265045832709","length":3203},"signature_version":"v1","target":{"file":"Modules/_remote_debugging/module.c","function":"_remote_debugging_RemoteUnwinder___init___impl"},"deprecated":false,"source":"https://github.com/python/cpython/commit/289fd2c97a7e5aecb8b69f94f5e838ccfeee7e67","id":"CVE-2026-5713-69ac6341"},{"signature_type":"Function","digest":{"function_hash":"42568520184731819157788302753139868446","length":533},"signature_version":"v1","target":{"file":"Modules/_remote_debugging/frames.c","function":"find_frame_in_chunks"},"deprecated":false,"source":"https://github.com/python/cpython/commit/289fd2c97a7e5aecb8b69f94f5e838ccfeee7e67","id":"CVE-2026-5713-73e6f6cc"},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["154369101293967237038745175943453341882","70741686929267821423958649029259500983","187702762548167601262330057507620516207","330883617293950193939203968526815134024","203241740307238504333504378599058256843","334017579599260608772497887781216791089","102785165037480089344419425717698065139","12159153284738911503283705827969832485","97369464338109856136602336089336516791","320228579165286373722569585320823642822","254097505792159030800901135630839785883","297295444819886776360825326696600298970","40871188566960555797534865343993917120","204605549872721594326556575498169706119","260225886543147551484568093290489680913","10890973065704760779058565016116937372","157876391673519883231775916615012091535","95468143904920739101499679098612306899","169811338141474229889964640036945872966","150003071285017334494616244123710064499","153713667884103464519352301069382464122","178622082556897497605004074932221108105","236564396193595019058132210971314991807","152086807615253876703030047474672125569","243136757518700513353262613171805775750","285708693124834684150283698736145713616","82154586460391812451986551836703406410","193915943557584955820597461367109601366","324977655739534484680364669447929522755","172875994508637988581630580447631477338","268177398782905625784657497019566427652"]},"signature_version":"v1","target":{"file":"Modules/_remote_debugging_module.c"},"deprecated":false,"source":"https://github.com/python/cpython/commit/316f6265b7f9ca4ffed5346b747475ef1943f35d","id":"CVE-2026-5713-7feb7058"},{"signature_type":"Function","digest":{"function_hash":"220648592042851214713592688769696726902","length":420},"signature_version":"v1","target":{"file":"Modules/_remote_debugging/asyncio.c","function":"ensure_async_debug_offsets"},"deprecated":false,"source":"https://github.com/python/cpython/commit/289fd2c97a7e5aecb8b69f94f5e838ccfeee7e67","id":"CVE-2026-5713-8b4535f2"},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["149590914155636874669696007226452197698","260225886543147551484568093290489680913","10890973065704760779058565016116937372","157876391673519883231775916615012091535","95468143904920739101499679098612306899","31381927340001534216061549329048069732","114697188066321940155513418539802957569","297758372313771915193870983901370545217","16243910240824376198842730507195351206","214992813336529931958126309895145929143","277420593219157965054539149479059606812"]},"signature_version":"v1","target":{"file":"Modules/_remote_debugging/asyncio.c"},"deprecated":false,"source":"https://github.com/python/cpython/commit/289fd2c97a7e5aecb8b69f94f5e838ccfeee7e67","id":"CVE-2026-5713-8f2374a5"},{"signature_type":"Function","digest":{"function_hash":"140914305182492835418233589173880173566","length":1522},"signature_version":"v1","target":{"file":"Modules/_remote_debugging/module.c","function":"validate_debug_offsets"},"deprecated":false,"source":"https://github.com/python/cpython/commit/289fd2c97a7e5aecb8b69f94f5e838ccfeee7e67","id":"CVE-2026-5713-8f79bd88"},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["202669564105719786428683120521353116508","243136757518700513353262613171805775750","285708693124834684150283698736145713616","82154586460391812451986551836703406410"]},"signature_version":"v1","target":{"file":"Modules/_remote_debugging/frames.c"},"deprecated":false,"source":"https://github.com/python/cpython/commit/289fd2c97a7e5aecb8b69f94f5e838ccfeee7e67","id":"CVE-2026-5713-995742ee"},{"signature_type":"Function","digest":{"function_hash":"282863474242457553084245483536917711810","length":1536},"signature_version":"v1","target":{"file":"Modules/_remote_debugging_module.c","function":"validate_debug_offsets"},"deprecated":false,"source":"https://github.com/python/cpython/commit/316f6265b7f9ca4ffed5346b747475ef1943f35d","id":"CVE-2026-5713-b013238d"},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["183284707183075176221906497311761896164","128400124836604653930790894248897557804","254097505792159030800901135630839785883","297295444819886776360825326696600298970","40871188566960555797534865343993917120","139960504989181189296839754167187329900","193915943557584955820597461367109601366","324977655739534484680364669447929522755","172875994508637988581630580447631477338","268177398782905625784657497019566427652"]},"signature_version":"v1","target":{"file":"Modules/_remote_debugging/module.c"},"deprecated":false,"source":"https://github.com/python/cpython/commit/289fd2c97a7e5aecb8b69f94f5e838ccfeee7e67","id":"CVE-2026-5713-f3fdb1bb"},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["298223400776913315262921146786735091506","222999565188564283060666387866510370610","102785165037480089344419425717698065139","244193805291779794716975476202033032583","20565281032612973554945880527344290634","194685666717727536801597506645175765752","50166351641283881063593890755576094205"]},"signature_version":"v1","target":{"file":"Modules/_remote_debugging/_remote_debugging.h"},"deprecated":false,"source":"https://github.com/python/cpython/commit/289fd2c97a7e5aecb8b69f94f5e838ccfeee7e67","id":"CVE-2026-5713-f8ff6759"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-5713.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"}]}