Description
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
python2.5 | removed | | | package |
python2.5 | no-dsa | | squeeze | package |
python2.6 | removed | | | package |
python2.6 | no-dsa | | wheezy | package |
python2.7 | fixed | 2.7.6-6 | | package |
python3.1 | removed | | | package |
python3.1 | no-dsa | | squeeze | package |
python3.2 | removed | | | package |
python3.2 | no-dsa | | wheezy | package |
python3.3 | fixed | 3.3.5-1 | | package |
python3.4 | fixed | 3.4.0-1 | | package |
Notes
http://bugs.python.org/issue20246
https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/
Related vulnerabilities
ELSA-2015-1330: python security, bug fix, and enhancement update (MODERATE)