[issue21831] integer overflow in 'buffer' type allows reading memory
Roundup Robot added the comment: New changeset 5ef28c22dc24 by doko in branch '2.7': - Add CVE number for Issue #21831 https://hg.python.org/cpython/rev/5ef28c22dc24 -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue21831 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue21831] integer overflow in 'buffer' type allows reading memory
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com: -- nosy: +Arfrever ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue21831 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue21831] integer overflow in 'buffer' type allows reading memory
Henri Salo added the comment: CVE-2014-7185 -- nosy: +Henri.Salo ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue21831 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue21831] integer overflow in 'buffer' type allows reading memory
New submission from Benjamin Peterson:
Reported by Chris Foster on the security list:
$ ./python
Python 2.7.7+ (2.7:8e0b7393e921, Jun 24 2014, 03:01:40)
[GCC 4.4.3] on linux2
Type help, copyright, credits or license for more information.
a = bytearray('hola mundo')
b = buffer(a, 0x7fff, 0x7fff)
print repr(b[:0x100])
\x00\x08\x11\x00\x00\x00\x00\x00\x00\x00\xa00_\xf7\x10\x00\x00\x00i\x03\x00\x00\x02\x00\x00\x00\xa0\xd1\x18\x08I\x03\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00Directory
tree walk with callback function.\n\nFor each directory in the directory
tree rooted at top (including top\nitself, but excluding '.' and '..'),
call func(arg, dirname, fnames).\ndirname is the na
--
components: Interpreter Core
messages: 221392
nosy: benjamin.peterson
priority: release blocker
severity: normal
status: open
title: integer overflow in 'buffer' type allows reading memory
type: security
versions: Python 2.7
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21831
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue21831] integer overflow in 'buffer' type allows reading memory
Roundup Robot added the comment: New changeset 8d963c7db507 by Benjamin Peterson in branch '2.7': avoid overflow with large buffer sizes and/or offsets (closes #21831) http://hg.python.org/cpython/rev/8d963c7db507 -- nosy: +python-dev resolution: - fixed stage: - resolved status: open - closed ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue21831 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
