zlib vulnerabilities and python
Erno Kuusela
erno-news at erno.iki.fi
Wed Mar 13 08:04:39 EST 2002
In article <e_Dj8.31522$l93.6228619 at newsb.telia.net>, "Fredrik Lundh"
<fredrik at pythonware.com> writes:
| Robin Becker wrote:
|| Does the recent zlib double free vulnerability impact zlib.pyd?
| only if the guys implementing your C library decided to inter-
| pret "undefined behaviour" as "force the operating system to
| run code designed to take over the computer".
|
| dunno about MSVC; the CRT documentation only says that
| things like this may "cause errors".
many malloc implementations use doubly linked lists in a way that
could make them vulnerable to this sort of exploit.
for the general idea see
eg http://security-archive.merton.ox.ac.uk/bugtraq-200010/0084.html
-- erno
More information about the Python-list
mailing list