oss-sec mailing list archives

CVE request? buffer overflow in socket.recvfrom_into


From: Raphael Geissert <geissert () debian org>
Date: Fri, 7 Feb 2014 23:54:11 +0100

Hi,

A bug has been reported in python, where socket.recvfrom_into "fails to 
check that the supplied buffer object is big enough for the requested read 
and so will happily write off the end"[1]. Ryan Smith-Roberts goes on to say 
"while very highly unlikely it's technically remotely exploitable".

Can anyone with better python fu tell whether this should get a CVE id? A 
quick search on Debian's code doesn't really tell me much [2].

I've been able to reproduce the bug in python 2.5 and greater, which 
confirms what the bug report says.


[1] http://bugs.python.org/issue20246
[2] http://codesearch.debian.net/search?q=recvfrom_into%5C%28%5B%5E%5C%29%5D%2B%2C+filetype%3Apython+-package%3Apython2.7+-package%3Apython3.3+-package%3Apython3.4

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
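
Added example, not part of the original message: the code search in [2] uses a regular expression to find recvfrom_into calls that pass more than one argument. The same audit can be run over a Python syntax tree, reporting only calls that pass an explicit nbytes, which is the value the report says is not checked against the buffer. The function name find_sized_recvfrom_into and the sample source are constructed for illustration.

```python
import ast

# Constructed sample input, not taken from any real package.
SAMPLE = '''
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
buf = bytearray(8)
s.recvfrom_into(buf)            # size taken from the buffer
s.recvfrom_into(buf, 0)         # 0 also means "use the buffer length"
s.recvfrom_into(buf, 1024)      # explicit size, larger than buf
s.recvfrom_into(buf, nbytes=n)  # explicit size, unknown at audit time
'''


def find_sized_recvfrom_into(source, filename="<string>"):
    """Return sorted (line, nbytes_expression) pairs for every
    recvfrom_into call that passes an explicit, non-zero nbytes."""
    hits = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        # Match both sock.recvfrom_into(...) and a bare recvfrom_into(...)
        if isinstance(func, ast.Attribute):
            name = func.attr
        else:
            name = getattr(func, "id", None)
        if name != "recvfrom_into":
            continue
        # nbytes is the second positional argument or a keyword
        nbytes = node.args[1] if len(node.args) >= 2 else None
        for kw in node.keywords:
            if kw.arg == "nbytes":
                nbytes = kw.value
        if nbytes is None:
            continue  # read size defaults to the buffer length
        if isinstance(nbytes, ast.Constant) and nbytes.value == 0:
            continue  # literal 0 is treated like an omitted nbytes
        hits.append((node.lineno, ast.unparse(nbytes)))
    return sorted(hits)


if __name__ == "__main__":
    for line, expr in find_sized_recvfrom_into(SAMPLE):
        print(f"line {line}: recvfrom_into called with nbytes={expr}")
```

Each reported call still needs manual review to see whether nbytes can exceed the length of the buffer passed alongside it.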

