{"id":"PYSEC-2019-130","details":"typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.)","aliases":["CVE-2019-19274","GHSA-m3jw-62m7-jjcm"],"modified":"2023-11-01T04:50:48.648851Z","published":"2019-11-26T15:15:00Z","references":[{"type":"FIX","url":"https://github.com/python/typed_ast/commit/156afcb26c198e162504a57caddfe0acd9ed7dce"},{"type":"FIX","url":"https://github.com/python/typed_ast/commit/dc317ac9cff859aa84eeabe03fb5004982545b3b"},{"type":"FIX","url":"https://github.com/python/cpython/commit/dcfcd146f8e6fc5c2fc16a4c192a0c5f5ca8c53c"},{"type":"FIX","url":"https://github.com/python/cpython/commit/a4d78362397fc3bced6ea80fbc7b5f4827aec55e"},{"type":"WEB","url":"https://bugs.python.org/issue36495"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LG5H4Q6LFVRX7SFXLBEJMNQFI4T5SCEA/"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-m3jw-62m7-jjcm"}],"affected":[{"package":{"name":"typed-ast","ecosystem":"PyPI","purl":"pkg:pypi/typed-ast"},"ranges":[{"type":"GIT","repo":"https://github.com/python/typed_ast","events":[{"introduced":"0"},{"fixed":"156afcb26c198e162504a57caddfe0acd9ed7dce"},{"fixed":"dc317ac9cff859aa84eeabe03fb5004982545b3b"}]},{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"dcfcd146f8e6fc5c2fc16a4c192a0c5f5ca8c53c"},{"fixed":"a4d78362397fc3bced6ea80fbc7b5f4827aec55e"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.2"}]}],"versions":["0.5","0.5.1","0.5.2","0.5.3","0.5.4","0.5.5","0.5.6","0.6.0","0.6.1","0.6.2","0.6.3","1.0.0","1.0.1","1.0.2","1.0.3","1.0.4","1.1.0","1.1.1","1.1.2","1.2.0","1.3.0","1.3.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/typed-ast/PYSEC-2019-130.yaml"}}],"schema_version":"1.7.3"}