socket.recvfrom_into() overflow¶
socket.recvfrom_into()
fails to check that the supplied buffer object
is big enough for the requested read and so will happily write off the end.
Dates:
- Disclosure date: 2014-01-14 (Python issue bpo-20246 reported)
Fixed In¶
- Python 2.7.7 (2014-05-31) fixed by commit 28cf368 (branch 2.7) (2014-01-14)
- Python 3.2.6 (2014-10-11) fixed by commit fbf648e (branch 3.3) (2014-01-14)
- Python 3.3.4 (2014-02-09) fixed by commit fbf648e (branch 3.3) (2014-01-14)
- Python 3.4.0 (2014-03-16) fixed by commit fbf648e (branch 3.3) (2014-01-14)
Python issue¶
buffer overflow in socket.recvfrom_into.
- Python issue: bpo-20246
- Creation date: 2014-01-14
- Reporter: Ryan Smith-Roberts
CVE-2014-1912¶
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
- CVE ID: CVE-2014-1912
- Published: 2014-03-01
- CVSS Score: 7.5
Timeline¶
Timeline using the disclosure date 2014-01-14 as reference:
- 2014-01-14: Python issue bpo-20246 reported by Ryan Smith-Roberts
- 2014-01-14 (+0 days): commit 28cf368 (branch 2.7)
- 2014-01-14 (+0 days): commit fbf648e (branch 3.3)
- 2014-02-09 (+26 days): Python 3.3.4 released
- 2014-03-01 (+46 days): CVE-2014-1912 published
- 2014-03-16: Python 3.4.0 released
- 2014-05-31 (+137 days): Python 2.7.7 released
- 2014-10-11 (+270 days): Python 3.2.6 released