Python : Buffer overflow

Classification

OWASP ASVS

Configuration Validation, Sanitization and Encoding

PCI DSS 4.0

6.2.4

CWE

CWE-119 CWE-120 CWE-121 CWE-122 CWE-125 CWE-787

CWE/SANS Top 25 2011

CWE-120

CWE/SANS Top 25 2021

CWE-119 CWE-125 CWE-787

Overview

Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.

Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.

References

Vulnerability Summary for CVE-2014-1912
Vulnerability Summary for CVE-2016-5636
Issue20246 - bugs.python.org

LOW

Python : Buffer overflow

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Python : Buffer overflow in your application?

See also

Python : Debug mode on

Python : Web3: Deprecated method

Python : Unsafe padding