What is {project}?
--Guido
On Tue, Apr 21, 2026 at 07:51 Seth Larson <[email protected]> wrote:
> There is a HIGH severity vulnerability affecting {project}.
>
> The method "sock_recvfrom_into()" of "asyncio.ProacterEventLoop" (Windows
> only) was missing a boundary check for the data buffer when using nbytes
> parameter. This allowed for an out-of-bounds buffer write if data was
> larger than the buffer size. Non-Windows platforms are not affected.
>
> Please see the linked CVE ID for the latest information on affected
> versions:
>
> * https://www.cve.org/CVERecord?id=CVE-2026-3298
> * https://github.com/python/cpython/pull/148809
> _______________________________________________
> Security-announce mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> https://mail.python.org/mailman3//lists/security-announce.python.org
> Member address: [email protected]
>
_______________________________________________
Security-SIG mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3//lists/security-sig.python.org
Member address: [email protected]
