USN-2125-1: Python vulnerability

03 March 2014

Python could be made to crash or run programs if it received specially crafted network traffic.

Releases

Packages

  • python2.6 - An interactive high-level object-oriented language
  • python2.7 - An interactive high-level object-oriented language
  • python3.2 - An interactive high-level object-oriented language
  • python3.3 - An interactive high-level object-oriented language

Details

Ryan Smith-Roberts discovered that Python incorrectly handled buffer sizes
when using the socket.recvfrom_into() function. An attacker could possibly
use this issue to cause Python to crash, resulting in denial of service, or
possibly execute arbitrary code.
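
A way to confirm that an installed interpreter enforces the buffer size in socket.recvfrom_into(), with a wrapper that bounds the request itself. This is an added example, not part of the original notice or of Python's own code. It relies on fixed interpreters raising ValueError when nbytes exceeds the buffer length; the function names are hypothetical, and a local AF_UNIX datagram socketpair (POSIX only) stands in for a network socket.

```python
import socket


def interpreter_checks_nbytes():
    """True if recvfrom_into() rejects an nbytes larger than the buffer.

    The socket is non-blocking and nothing is sent to it, so no data is
    copied whichever way the interpreter behaves.
    """
    rx, tx = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        rx.setblocking(False)
        try:
            rx.recvfrom_into(bytearray(8), 1024)
        except ValueError:
            return True       # size validated before any receive
        except socket.error:
            return False      # call reached recv(): size was not validated
        return False
    finally:
        rx.close()
        tx.close()


def bounded_recvfrom_into(sock, buf, nbytes=0):
    """recvfrom_into() that never requests more than buf can hold.

    buf is assumed to be a bytearray, so len(buf) is its size in bytes.
    """
    size = len(buf)
    if nbytes < 0 or nbytes > size:
        raise ValueError("nbytes %d does not fit buffer of %d" % (nbytes, size))
    return sock.recvfrom_into(buf, nbytes or size)


def demo():
    """Receive one constructed datagram through the bounded wrapper."""
    rx, tx = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        tx.send(b"hello")                 # constructed sample datagram
        buf = bytearray(8)
        n, _addr = bounded_recvfrom_into(rx, buf)
        return n, bytes(buf[:n])
    finally:
        rx.close()
        tx.close()


if __name__ == "__main__":
    print("interpreter checks nbytes:", interpreter_checks_nbytes())
    print("demo:", demo())
```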

References