Message 232692 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	Guido
Recipients	Guido, georg.brandl, gvanrossum, serhiy.storchaka, vstinner
Date	2014-12-16.00:39:58
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1418690398.53.0.216616576171.issue23055@psf.upfronthosting.co.za>
In-reply-to

Content
I'd also like to add that, although I agree with Guido van Rossum that the likelihood of even triggering this bug in a general programming context is low, there are two buffer overflows at play here (one stack-based and one heap-based), and given an adversary's control over the format and vargs parameters, I'd there is a reasonable likelihood of exploiting it to execute arbitrary code, since the one controlling the parameters has some control as to which bytes end up where outside buffer boundaries.

I'd also like to add that, although I agree with Guido van Rossum that the likelihood of even triggering this bug in a general programming context is low, there are two buffer overflows at play here (one stack-based and one heap-based), and given an adversary's control over the format and vargs parameters, I'd there is a reasonable likelihood of exploiting it to execute arbitrary code, since the one controlling the parameters has some control as to which bytes end up where outside buffer boundaries.

History
Date	User	Action	Args
2014-12-16 00:39:58	Guido	set	recipients: + Guido, gvanrossum, georg.brandl, vstinner, serhiy.storchaka
2014-12-16 00:39:58	Guido	set	messageid: <1418690398.53.0.216616576171.issue23055@psf.upfronthosting.co.za>
2014-12-16 00:39:58	Guido	link	issue23055 messages
2014-12-16 00:39:58	Guido	create