Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 7 Feb 2014 23:54:11 +0100
From: Raphael Geissert <geissert@...ian.org>
To: oss-security@...ts.openwall.com
Subject: CVE request? buffer overflow in socket.recvfrom_into

Hi,

A bug has been reported in python, where socket.recvfrom_into "fails to 
check that the supplied buffer object is big enough for the requested read 
and so will happily write off the end"[1]. Ryan Smith-Roberts goes on to say 
"while very highly unlikely it's technically remotely exploitable".

Does anyone with a better python fu tell whether this should get a CVE id? A 
quick search on Debian's code doesn't really tell me much [2]

I've been able to reproduce the bug in python 2.5 and greater, which 
confirms what the bug report says.


[1] http://bugs.python.org/issue20246
[2] 
http://codesearch.debian.net/search?q=recvfrom_into%5C%28%5B%5E%5C%29%5D%2B%2C+filetype%3Apython+-
package%3Apython2.7+-package%3Apython3.3+-package%3Apython3.4

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.