Author Guido
Recipients Guido, georg.brandl, gvanrossum, serhiy.storchaka, vstinner
Date 2014-12-16.00:39:58
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1418690398.53.0.216616576171.issue23055@psf.upfronthosting.co.za>
In-reply-to
Content
I'd also like to add that, although I agree with Guido van Rossum that the likelihood of even triggering this bug in a general programming context is low, there are two buffer overflows at play here (one stack-based and one heap-based), and given an adversary's control over the format and vargs parameters, I'd say there is a reasonable likelihood of exploiting it to execute arbitrary code, since the one controlling the parameters has some control as to which bytes end up where outside buffer boundaries.
History
Date User Action Args
2014-12-16 00:39:58 Guido set recipients: + Guido, gvanrossum, georg.brandl, vstinner, serhiy.storchaka
2014-12-16 00:39:58 Guido set messageid: <1418690398.53.0.216616576171.issue23055@psf.upfronthosting.co.za>
2014-12-16 00:39:58 Guido link issue23055 messages
2014-12-16 00:39:58 Guido create