[New-bugs-announce] [issue46280] About vulnerabilities in Cpython native code
Xinrong Lin
report at bugs.python.org
Thu Jan 6 08:07:52 EST 2022
New submission from Xinrong Lin <414039482 at qq.com>:
I am currently doing some research on the security of CPython. I used the open source vulnerability analysis engine, Infer(https://fbinfer.com/), to scan the native code of CPython 3.10.0.
The scan results show that there are still a number of vulnerabilities in the CPython native code, such as Null dereference, Uninitialized variable, Resource/Memory leak, etc. Moreover, I found that some of the vulnerabilities are related to Python/C API. I enclose the vulnerability report for your reference.
Based on the research of the result, I tried to design a tool to automatically detect and repair vulnerabilities in CPython and make this tool available. See:
https://github.com/PVMPATCH/PVMPatch
Python is my favourite programming language. I sincerely hope that I can help Python become stronger and safer. I hope this discovery can be useful for you to develop Python in the future.
----------
components: Build
files: CPython3.10.0_vulnerability_report.txt
messages: 409841
nosy: 414039482
priority: normal
severity: normal
status: open
title: About vulnerabilities in Cpython native code
type: security
versions: Python 3.10
Added file: https://bugs.python.org/file50544/CPython3.10.0_vulnerability_report.txt
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue46280>
_______________________________________
More information about the New-bugs-announce
mailing list