There is a HIGH severity vulnerability affecting {project}.
The method "sock_recvfrom_into()" of "asyncio.ProacterEventLoop" (Windows
only) was missing a boundary check for the data buffer when using nbytes
parameter. This allowed for an out-of-bounds buffer write if data was
larger than the buffer size. Non-Windows platforms are not affected.
Please see the linked CVE ID for the latest information on affected
versions:
* https://www.cve.org/CVERecord?id=CVE-2026-3298
* https://github.com/python/cpython/pull/148809
_______________________________________________
Security-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3//lists/security-announce.python.org
Member address: [email protected]
