[issue23055] PyUnicode_FromFormatV crasher

Guido Vranken report at bugs.python.org
Tue Dec 16 01:39:58 CET 2014


Guido Vranken added the comment:

I'd also like to add that, although I agree with Guido van Rossum that the likelihood of even triggering this bug in a general programming context is low, there are two buffer overflows at play here (one stack-based and one heap-based), and given an adversary's control over the format and vargs parameters, I'd say there is a reasonable likelihood of exploiting it to execute arbitrary code, since the one controlling the parameters has some control as to which bytes end up where outside buffer boundaries.

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue23055>
_______________________________________

