Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 10 Jun 2016 17:02:58 -0400
From: Insu Yun <wuninsu@...il.com>
To: oss-security@...ts.openwall.com, Yeongjin Jang <Yeongjin.jang@...ech.edu>
Subject: CVE-Request: heap overflow in Python

Hello.
In zipimport module,
if compress != 0, then bytes_size = data_size + 1
data_size is not sanitized, so if data_size = -1,
then it overflows and becomes 0.
In that case bytes_size becomes 1 and python allocates small heap,
but after that in fread, it overflows heap.

Fix info
https://bugs.python.org/issue26171

Please help assign a CVE to this vulnerability.

Thank you.

-- 
Regards
Insu Yun

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ