Date: Fri, 10 Jun 2016 17:02:58 -0400 From: Insu Yun <wuninsu@...il.com> To: oss-security@...ts.openwall.com, Yeongjin Jang <Yeongjin.jang@...ech.edu> Subject: CVE-Request: heap overflow in Python Hello. In zipimport module, if compress != 0, then bytes_size = data_size + 1 data_size is not sanitized, so if data_size = -1, then it overflows and becomes 0. In that case bytes_size becomes 1 and python allocates small heap, but after that in fread, it overflows heap. Fix info https://bugs.python.org/issue26171 Please help assign a CVE to this vulnerability. Thank you. -- Regards Insu Yun
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ