Pablogsal

**Name of the Vulnerable Software and Affected Versions** CPython versions 3.14 and later **Description** The profiling.sampling module and asyncio introspection capabilities, specifically the 'python -m asyncio ps' and 'python -m asyncio pstree' commands, allow for out-of-bounds read and write operations of addresses in a privileged process. This occurs if the privileged process connects to a malicious Python process through the remote debugging feature. Exploitation requires persistent and repeated connections to the process, as Address Space Layout Randomization (ASLR)—a security technique that randomly arranges the address space positions of key data areas of a process—makes the connecting process likely to crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.