Author Iman Sharafaldin
Recipients Iman Sharafaldin
Date 2020-06-30.12:04:44
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1593518684.95.0.149768712012.issue41168@roundup.psfhosted.org>
In-reply-to
Content
I was testing the latest release of Python 3.6 (June 27, 2020) (https://www.python.org/ftp/python/3.6.11/Python-3.6.11.tgz) and I found that there is lack of enough checks on line number 956 in Objects/object.c file which can cause a segmentation fault. It could lead to security related issues. I've attached the PoC.pyc.


Program received signal SIGSEGV, Segmentation fault.
PyObject_SetAttr (v=v@entry=0x6d7373616c637463, name=0x7ffff7f75730, value=value@entry=0x0) at Objects/object.c:956
956	    PyTypeObject *tp = Py_TYPE(v);
History
Date User Action Args
2020-06-30 12:04:45Iman Sharafaldinsetrecipients: + Iman Sharafaldin
2020-06-30 12:04:44Iman Sharafaldinsetmessageid: <1593518684.95.0.149768712012.issue41168@roundup.psfhosted.org>
2020-06-30 12:04:44Iman Sharafaldinlinkissue41168 messages
2020-06-30 12:04:44Iman Sharafaldincreate