oss-sec mailing list archives
Re: CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 25 Apr 2012 00:37:53 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/25/2012 12:35 AM, Kurt Seifried wrote:
Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated does not appear to affect Python 2.x memory leak/crashes/etc. http://bugs.python.org/issue14579 Author: Serhiy Storchaka (storchaka) Date: 2012-04-14 18:46 In the utf-16 decoder after calling unicode_decode_call_errorhandler aligned_end is not updated. This may potentially cause data leaks, memory damage, and crash. The bug introduced by implementation of the issue #4868. In a similar situation in the utf-8 decoder aligned_end is updated. ======== More discussion and links to the patches/etc. in the bug.
Please use CVE-2012-2135 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPl5vBAAoJEBYNRVNeJnmTc5wQANv/7hfBeBKnEdSktxtBVqIB 6YvNbWHzc4mAE8YmhghOaDEGhJ/0z8QpkypBglQAgPEUhOV06fhnHuLylCpGGQXC LfY4zY7LzZKvavlDlTJC++v4OIi3+gSqgGCXFR1f89uZiitFvt7KqnR7zf4kT1ID IbgZSSeQt9MxD6Pa3JEQYG3zdsyGW3YbF4dDWYjFTk7BQl/NcWxxr1jgLPHvJgUE C6EnCO2IWrGjhmqF0Po/7kBPMPYUALlFfDHsr16lMvtStBnXLT9Eyz0pdZzlkH04 8eOuaxmLR2OxGoK3ViCM16ib89IvjzJv/F3xZ3cpwBJmoKstgl6TR3pPE81bhoUv gZpwPa77QehivYDDiLc6Zek2aIWc1QNRv47x59DUJIchDomcHipSvUWTOB+8f913 qhbXuqKCeG1js5YBAE/zNnq3W2ub4op68tT1ZlVO/wcUdPhJvCbULBve/5wUGN+v 0g6rzUK+jSzaqK26shOvFIZZSgN7tDcrPJ1mKuqocQ/8+zAGJEw5Tlp+kJ6CGdjt 02lWmo9svNvTusYnNaMMbmcHcQx5kfKH/Ic4LkJ6C7tXr7/8DBoQ2yMOTc3etS+s hwiUAOXLBfbyLw/OQzG57s8brkapo5PYpAbRpKlaMCKHgunMKjPpQa1RYHBx4uoX VPDXf6hbjLBKrsNYM71g =xCOX -----END PGP SIGNATURE-----
Current thread:
- CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated Kurt Seifried (Apr 24)
- Re: CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated Kurt Seifried (Apr 24)
- <Possible follow-ups>
- CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated Kurt Seifried (Apr 24)