oss-sec mailing list archives
CVE request? buffer overflow in socket.recvfrom_into
From: Raphael Geissert <geissert () debian org>
Date: Fri, 7 Feb 2014 23:54:11 +0100
Hi, A bug has been reported in python, where socket.recvfrom_into "fails to check that the supplied buffer object is big enough for the requested read and so will happily write off the end"[1]. Ryan Smith-Roberts goes on to say "while very highly unlikely it's technically remotely exploitable". Does anyone with a better python fu tell whether this should get a CVE id? A quick search on Debian's code doesn't really tell me much [2] I've been able to reproduce the bug in python 2.5 and greater, which confirms what the bug report says. [1] http://bugs.python.org/issue20246 [2] http://codesearch.debian.net/search?q=recvfrom_into%5C%28%5B%5E%5C%29%5D%2B%2C+filetype%3Apython+- package%3Apython2.7+-package%3Apython3.3+-package%3Apython3.4 Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Current thread:
- CVE request? buffer overflow in socket.recvfrom_into Raphael Geissert (Feb 07)
- Re: CVE request? buffer overflow in socket.recvfrom_into cve-assign (Feb 12)