=====================================================================

                            CERT-Renater

                Information Note No. 2026/VULN391
_____________________________________________________________________

DATE                : 16/04/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running CPython.

=====================================================================
https://mail.python.org/archives/list/security-announce@python.org/thread/OG4RHARYSNIE22GGOMVMCRH76L5HKPLM/
_____________________________________________________________________


[CVE-2026-5713] Out-of-bounds read/write during remote debugging when
connecting to malicious target

Seth Larson
14 April 2026 15:13

There is a MEDIUM severity vulnerability affecting CPython.

The Python remote debugging feature could be used to read and write
addresses in a privileged process if that process connected to a malicious
or "infected" Python process via the remote debugging feature. This
vulnerability requires persistently and repeatedly connecting to the
process to be exploited, even after the connecting process crashes with
high likelihood due to ASLR.

Please see the linked CVE ID for the latest information on affected
versions:

    https://www.cve.org/CVERecord?id=CVE-2026-5713
    https://github.com/python/cpython/pull/148187



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




