VuXML: Python -- buffer overflow in socket.recvfrom

Affected packages

python27

2.7.6_3

python31

3.1.5_10

python32

3.2.5_7

python33

3.3.3_2

Details

VuXML ID	8e5e6d42-a0fa-11e3-b09a-080027f2d077
Discovery	2014-01-14
Entry	2014-03-01

VuXML ID

8e5e6d42-a0fa-11e3-b09a-080027f2d077

Discovery

2014-01-14

Entry

2014-03-01

Vincent Danen via Red Hat Issue Tracker reports:

A vulnerability was reported in Python's socket module, due to a boundary error within the sock_recvfrom_into() function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the socket.recvfrom_info() function or, possibly, execute arbitrary code with the permissions of the user running vulnerable Python code.

This vulnerable function, socket.recvfrom_into(), was introduced in Python 2.5. Earlier versions are not affected by this flaw.

[source]

Bugtraq ID	65379
CVE Name	CVE-2014-1912
Message	https://mail.python.org/pipermail/python-dev/2014-February/132758.html
URL	http://bugs.python.org/issue20246
URL	https://bugzilla.redhat.com/show_bug.cgi?id=1062370

Python -- buffer overflow in socket.recvfrom_into()

Details

References