oss-sec mailing list archives

CVE Request: heap overflow in Python zipimport module


From: Insu Yun <wuninsu () gmail com>
Date: Wed, 15 Jun 2016 10:28:02 -0400

Hello.
In the Python zipimport module,
if compress != 0, then bytes_size = data_size + 1.
data_size is not sanitized, so if data_size = -1,
then it overflows and becomes 0.

In that case, Python allocates a small heap, but after that in freed, it
overflows the heap.
Fix info: https://bugs.python.org/issue26171
Please help assign a CVE to this vulnerability.
Thank you.

-- 
Regards
Insu Yun
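
The size arithmetic described in the message above, next to a validated variant, as an added example that is not part of the original post and is not CPython's code. The function names and the archive_len parameter are hypothetical; the names data_size, bytes_size and compress follow the report.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Unchecked computation as the report describes it: one extra byte is
 * reserved when the entry is compressed. Unsigned arithmetic is used so
 * the wrap-around is well defined in C. */
static size_t unchecked_bytes_size(long data_size, int compress)
{
    size_t n = (size_t)data_size;       /* -1 becomes SIZE_MAX */
    return compress != 0 ? n + 1 : n;   /* SIZE_MAX + 1 wraps to 0 */
}

/* Validated variant (hypothetical helper): reject the header field before
 * any allocation size is derived from it.
 * Returns 0 and stores the size in *out, or -1 if data_size is invalid. */
static int checked_bytes_size(long data_size, int compress,
                              long archive_len, size_t *out)
{
    if (data_size < 0)                  /* negative length in the header */
        return -1;
    if (data_size > archive_len)        /* entry larger than the file */
        return -1;
    if (compress != 0 && data_size == LONG_MAX)  /* +1 would overflow */
        return -1;
    *out = (size_t)data_size + (compress != 0 ? 1u : 0u);
    return 0;
}

int main(void)
{
    size_t n = 0;
    int rc;

    /* Constructed inputs: data_size = -1 is the case from the report. */
    printf("unchecked(-1): %zu bytes\n", unchecked_bytes_size(-1, 1));
    rc = checked_bytes_size(-1, 1, 4096, &n);
    printf("checked(-1):   rc=%d\n", rc);
    rc = checked_bytes_size(10, 1, 4096, &n);
    printf("checked(10):   rc=%d size=%zu\n", rc, n);
    return 0;
}
```

A zero-byte allocation paired with a copy whose length still comes from data_size is the mismatch the report describes; the validated variant stops before the allocation is made.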
