Issue 21831: integer overflow in 'buffer' type allows reading memory

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/66030

classification

Title:	integer overflow in 'buffer' type allows reading memory
Type:	security	Stage:	resolved
Components:	Interpreter Core	Versions:	Python 2.7

process

Dependencies:	Superseder:
Status:	closed	Resolution:	fixed
Assigned To:	Nosy List:	Arfrever, Henri.Salo, benjamin.peterson, python-dev
Priority:	release blocker	Keywords:

Created on 2014年06月24日 03:11 by benjamin.peterson, last changed 2022年04月11日 14:58 by admin. This issue is now closed.

Messages (4)
msg221392 - (view)	Author: Benjamin Peterson (benjamin.peterson) * (Python committer)	Date: 2014年06月24日 03:11
Reported by Chris Foster on the security list: $ ./python Python 2.7.7+ (2.7:8e0b7393e921, Jun 24 2014, 03:01:40) [GCC 4.4.3] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> a = bytearray('hola mundo') >>> b = buffer(a, 0x7fffffff, 0x7fffffff) >>> print repr(b[:0x100]) "\x00\x08\x11\x00\x00\x00\x00\x00\x00\x00\xa00_\xf7\x10\x00\x00\x00i\x03\x00\x00\x02\x00\x00\x00\xa0\xd1\x18\x08I\x03\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00Directory tree walk with callback function.\n\n For each directory in the directory tree rooted at top (including top\n itself, but excluding '.' and '..'), call func(arg, dirname, fnames).\n dirname is the na"
msg221393 - (view)	Author: Roundup Robot (python-dev) (Python triager)	Date: 2014年06月24日 03:13
New changeset 8d963c7db507 by Benjamin Peterson in branch '2.7': avoid overflow with large buffer sizes and/or offsets (closes #21831) http://hg.python.org/cpython/rev/8d963c7db507
msg227578 - (view)	Author: Henri Salo (Henri.Salo)	Date: 2014年09月25日 21:34
CVE-2014-7185
msg228341 - (view)	Author: Roundup Robot (python-dev) (Python triager)	Date: 2014年10月03日 17:09
New changeset 5ef28c22dc24 by doko in branch '2.7': - Add CVE number for Issue #21831 https://hg.python.org/cpython/rev/5ef28c22dc24

History
Date	User	Action	Args
2022年04月11日 14:58:05	admin	set	github: 66030
2014年10月03日 17:09:10	python-dev	set	messages: + msg228341
2014年09月30日 13:40:35	Arfrever	set	nosy: + Arfrever
2014年09月25日 21:34:31	Henri.Salo	set	nosy: + Henri.Salo messages: + msg227578
2014年06月24日 03:13:54	python-dev	set	status: open -> closed nosy: + python-dev messages: + msg221393 resolution: fixed stage: resolved
2014年06月24日 03:11:23	benjamin.peterson	create

homepage