[issue21831] integer overflow in 'buffer' type allows reading memory
Roundup Robot added the comment: New changeset 5ef28c22dc24 by doko in branch '2.7': - Add CVE number for Issue #21831 https://hg.python.org/cpython/rev/5ef28c22dc24 -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue21831 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue21831] integer overflow in 'buffer' type allows reading memory
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com: -- nosy: +Arfrever ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue21831 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue21831] integer overflow in 'buffer' type allows reading memory
Henri Salo added the comment: CVE-2014-7185 -- nosy: +Henri.Salo ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue21831 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue21831] integer overflow in 'buffer' type allows reading memory
New submission from Benjamin Peterson: Reported by Chris Foster on the security list: $ ./python Python 2.7.7+ (2.7:8e0b7393e921, Jun 24 2014, 03:01:40) [GCC 4.4.3] on linux2 Type help, copyright, credits or license for more information. a = bytearray('hola mundo') b = buffer(a, 0x7fff, 0x7fff) print repr(b[:0x100]) \x00\x08\x11\x00\x00\x00\x00\x00\x00\x00\xa00_\xf7\x10\x00\x00\x00i\x03\x00\x00\x02\x00\x00\x00\xa0\xd1\x18\x08I\x03\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00Directory tree walk with callback function.\n\nFor each directory in the directory tree rooted at top (including top\nitself, but excluding '.' and '..'), call func(arg, dirname, fnames).\ndirname is the na -- components: Interpreter Core messages: 221392 nosy: benjamin.peterson priority: release blocker severity: normal status: open title: integer overflow in 'buffer' type allows reading memory type: security versions: Python 2.7 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue21831 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue21831] integer overflow in 'buffer' type allows reading memory
Roundup Robot added the comment: New changeset 8d963c7db507 by Benjamin Peterson in branch '2.7': avoid overflow with large buffer sizes and/or offsets (closes #21831) http://hg.python.org/cpython/rev/8d963c7db507 -- nosy: +python-dev resolution: - fixed stage: - resolved status: open - closed ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue21831 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com