.. _socket-recvfrom_into-overflow: socket.recvfrom_into() overflow =============================== .. warning:: This resource is maintained for historical reference and **does not contain the latest vulnerability info for Python**. The `canonical database for vulnerabilities affecting Python `_ is available on GitHub in the Open Source Vulnerability (OSV) format. This vulnerability can be viewed online at the `Open Source Vulnerability Database `_. ``socket.recvfrom_into()`` fails to check that the supplied buffer object is big enough for the requested read and so will happily write off the end. Dates: * Disclosure date: **2014-01-14** (Python issue bpo-20246 reported) Fixed In -------- * Python **2.7.7** (2014-05-31) fixed by `commit 28cf368 (branch 2.7) `_ (2014-01-14) * Python **3.2.6** (2014-10-12) fixed by `commit fbf648e (branch 3.3) `_ (2014-01-14) * Python **3.3.4** (2014-02-09) fixed by `commit fbf648e (branch 3.3) `_ (2014-01-14) * Python **3.4.0** (2014-03-16) fixed by `commit fbf648e (branch 3.3) `_ (2014-01-14) Python issue ------------ buffer overflow in socket.recvfrom_into. * Python issue: `bpo-20246 `_ * Creation date: 2014-01-14 * Reporter: Ryan Smith-Roberts CVE-2014-1912 ------------- Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. * CVE ID: `CVE-2014-1912 `_ * Published: 2014-03-01 * `CVSS Score `_: 7.5 Timeline -------- Timeline using the disclosure date **2014-01-14** as reference: * 2014-01-14: `Python issue bpo-20246 `_ reported by Ryan Smith-Roberts * 2014-01-14: `commit 28cf368 (branch 2.7) `_ * 2014-01-14: `commit fbf648e (branch 3.3) `_ * 2014-02-09 (**+26 days**): Python 3.3.4 released * 2014-03-01 (**+46 days**): CVE-2014-1912 published * 2014-03-16: Python 3.4.0 released * 2014-05-31 (**+137 days**): Python 2.7.7 released * 2014-10-12 (**+271 days**): Python 3.2.6 released