Issue 21831: integer overflow in 'buffer' type allows reading memory

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/66030

classification

Title:	integer overflow in 'buffer' type allows reading memory
Type:	security	Stage:	resolved
Components:	Interpreter Core	Versions:	Python 2.7

process

Status:	closed	Resolution:	fixed
Dependencies:		Superseder:
Assigned To:		Nosy List:	Arfrever, Henri.Salo, benjamin.peterson, python-dev
Priority:	release blocker	Keywords:

Created on 2014-06-24 03:11 by benjamin.peterson, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Messages (4)
msg221392 - (view)	Author: Benjamin Peterson (benjamin.peterson) *	Date: 2014-06-24 03:11
Reported by Chris Foster on the security list: $ ./python Python 2.7.7+ (2.7:8e0b7393e921, Jun 24 2014, 03:01:40) [GCC 4.4.3] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> a = bytearray('hola mundo') >>> b = buffer(a, 0x7fffffff, 0x7fffffff) >>> print repr(b[:0x100]) "\x00\x08\x11\x00\x00\x00\x00\x00\x00\x00\xa00_\xf7\x10\x00\x00\x00i\x03\x00\x00\x02\x00\x00\x00\xa0\xd1\x18\x08I\x03\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00Directory tree walk with callback function.\n\n For each directory in the directory tree rooted at top (including top\n itself, but excluding '.' and '..'), call func(arg, dirname, fnames).\n dirname is the na"
msg221393 - (view)	Author: Roundup Robot (python-dev)	Date: 2014-06-24 03:13
New changeset 8d963c7db507 by Benjamin Peterson in branch '2.7': avoid overflow with large buffer sizes and/or offsets (closes #21831) http://hg.python.org/cpython/rev/8d963c7db507
msg227578 - (view)	Author: Henri Salo (Henri.Salo)	Date: 2014-09-25 21:34
CVE-2014-7185
msg228341 - (view)	Author: Roundup Robot (python-dev)	Date: 2014-10-03 17:09
New changeset 5ef28c22dc24 by doko in branch '2.7': - Add CVE number for Issue #21831 https://hg.python.org/cpython/rev/5ef28c22dc24

History
Date	User	Action	Args
2022-04-11 14:58:05	admin	set	github: 66030
2014-10-03 17:09:10	python-dev	set	messages: + msg228341
2014-09-30 13:40:35	Arfrever	set	nosy: + Arfrever
2014-09-25 21:34:31	Henri.Salo	set	nosy: + Henri.Salo messages: + msg227578
2014-06-24 03:13:54	python-dev	set	status: open -> closed nosy: + python-dev messages: + msg221393 resolution: fixed stage: resolved
2014-06-24 03:11:23	benjamin.peterson	create