oss-sec mailing list archives
Re: CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated
From: Henri Salo <henri () nerv fi>
Date: Wed, 25 Apr 2012 09:56:06 +0300
On Wed, Apr 25, 2012 at 12:37:53AM -0600, Kurt Seifried wrote:
> On 04/25/2012 12:35 AM, Kurt Seifried wrote:
> > Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated
> >
> > does not appear to affect Python 2.x
> >
> > memory leak/crashes/etc.
> >
> > http://bugs.python.org/issue14579
> >
> > Author: Serhiy Storchaka (storchaka)
> > Date: 2012-04-14 18:46
> >
> > In the utf-16 decoder after calling unicode_decode_call_errorhandler
> > aligned_end is not updated. This may potentially cause data leaks,
> > memory damage, and crash. The bug introduced by implementation of the
> > issue #4868. In a similar situation in the utf-8 decoder aligned_end
> > is updated.
> >
> > ========
> >
> > More discussion and links to the patches/etc. in the bug.
>
> Please use CVE-2012-2135 for this issue.

Reported to Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670389

- Henri Salo