socket.recvfrom_into() overflow

socket.recvfrom_into() fails to check that the supplied buffer object is big enough for the requested read and so will happily write off the end.

Dates:

  • Disclosure date: 2014-01-14 (Python issue bpo-20246 reported)

Fixed In

Python issue

buffer overflow in socket.recvfrom_into.

  • Python issue: bpo-20246
  • Creation date: 2014-01-14
  • Reporter: Ryan Smith-Roberts

CVE-2014-1912

Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.

Timeline

Timeline using the disclosure date 2014-01-14 as reference: