[issue34656] [CVE-2018-20406] memory exhaustion in Modules/_pickle.c:1393
STINNER Victor
report at bugs.python.org
Mon Jan 21 15:58:29 EST 2019
STINNER Victor <vstinner at redhat.com> added the comment:
Python 2.7 is not affected:
* Python 2.7 has no C accelerator _pickle (Modules/_pickle.c)
* Python 2.7 doesn't support protocol 4 (attached proof of concept)
I reopen the issue because the issue should be fixed in 3.4 and 3.5 as well, since it has been marked as a vulnerability (it got a CVE number).
----------
nosy: +vstinner
resolution: fixed ->
status: closed -> open
versions: +Python 3.4, Python 3.5, Python 3.6, Python 3.7
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue34656>
_______________________________________