Date: Fri, 7 Feb 2014 23:54:11 +0100 From: Raphael Geissert <geissert@...ian.org> To: oss-security@...ts.openwall.com Subject: CVE request? buffer overflow in socket.recvfrom_into Hi, A bug has been reported in python, where socket.recvfrom_into "fails to check that the supplied buffer object is big enough for the requested read and so will happily write off the end". Ryan Smith-Roberts goes on to say "while very highly unlikely it's technically remotely exploitable". Does anyone with a better python fu tell whether this should get a CVE id? A quick search on Debian's code doesn't really tell me much  I've been able to reproduce the bug in python 2.5 and greater, which confirms what the bug report says.  http://bugs.python.org/issue20246  http://codesearch.debian.net/search?q=recvfrom_into%5C%28%5B%5E%5C%29%5D%2B%2C+filetype%3Apython+- package%3Apython2.7+-package%3Apython3.3+-package%3Apython3.4 Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.