oss-sec mailing list archives
CVE-Request: heap overflow in Python
From: Insu Yun <wuninsu () gmail com>
Date: Fri, 10 Jun 2016 17:02:58 -0400
Hello.

In the zipimport module, if compress != 0, then

bytes_size = data_size + 1

data_size is not sanitized, so if data_size = -1, then it overflows and becomes 0. In that case bytes_size becomes 1 and Python allocates a small heap, but after that in fread, it overflows the heap.

Fix info
https://bugs.python.org/issue26171

Please help assign a CVE to this vulnerability.

Thank you.

--
Regards
Insu Yun
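The size arithmetic described in the message above, beside a checked form, as an added example that is not part of the original post and is not CPython's code. The names sizes_unchecked, sizes_checked and struct sizes are hypothetical, and the signed long type and the bump of an empty buffer to 1 byte are assumptions made to model the report.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Sizes derived from one archive entry: bytes to allocate, bytes to read. */
struct sizes { size_t alloc; size_t read_len; };

/* Unchecked pattern described in the report: data_size comes straight from
 * the archive. Model only; data_size + 1 is undefined for LONG_MAX. */
static struct sizes sizes_unchecked(long data_size, int compress)
{
    long bytes_size = compress == 0 ? data_size : data_size + 1;
    if (bytes_size == 0)   /* assumed: an empty buffer is bumped to 1 byte */
        bytes_size = 1;
    /* fread() takes a size_t length, so a data_size of -1 becomes SIZE_MAX */
    struct sizes s = { (size_t)bytes_size, (size_t)data_size };
    return s;
}

/* Hardened form: reject negative sizes, and sizes where +1 would overflow,
 * before any allocation or read. Returns 0 on success, -1 on bad input. */
static int sizes_checked(long data_size, int compress, struct sizes *out)
{
    if (data_size < 0 || data_size > LONG_MAX - 1)
        return -1;
    long bytes_size = compress == 0 ? data_size : data_size + 1;
    if (bytes_size == 0)
        bytes_size = 1;
    out->alloc = (size_t)bytes_size;
    out->read_len = (size_t)data_size;
    return 0;
}

int main(void)
{
    struct sizes s = sizes_unchecked(-1, 1);   /* constructed input */
    printf("unchecked: alloc=%zu read_len=%zu\n", s.alloc, s.read_len);
    printf("checked:   %d\n", sizes_checked(-1, 1, &s));
    return 0;
}
```

The unchecked path pairs a 1-byte allocation with a read length of SIZE_MAX, which is the mismatch the report describes; the checked path refuses the entry before either value is used.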