diff options
author | Sona Sarmadi <sona.sarmadi@enea.com> | 2014-11-26 13:49:06 +0100 |
---|---|---|
committer | Tudor Florea <tudor.florea@enea.com> | 2015-07-06 20:19:38 +0200 |
commit | 4ec7570ee9c2226cfa0341c7e0b35362b7b68278 (patch) | |
tree | f6669d7fd5bfaf05bb295e1e24501de091da3456 /meta/recipes-devtools/cdrtools | |
parent | 8364d34ae4a1ee0c7645bf0c338ebc297a1f6bdd (diff) | |
download | poky-4ec7570ee9c2226cfa0341c7e0b35362b7b68278.tar.gz |
python: CVE-2014-4616
Fix for _json module arbitrary process memory read vulnerability
http://bugs.python.org/issue21529
Python 2 and 3 are susceptible to arbitrary process memory reading
by a user or adversary due to a bug in the _json module caused by
insufficient bounds checking.
The sole prerequisites of this attack are that the attacker is able to control
or influence the two parameters of the default scanstring function: the string
to be decoded and the index. The bug is caused by allowing the user to supply
a negative index value. The index value is then used directly as an index to
an array in the C code; internally the address of the array and its index are
added to each other in order to yield the address of the value that is desired.
However, by supplying a negative index value and adding this to the address of
the array, the processor's register value wraps around and the calculated value
will point to a position in memory which isn't within the bounds of the
supplied string, causing the function to access other parts of the process
memory.
Signed-off-by: Benjamin Peterson <benjamin@python.org> Applied to
python-native recipe in order to fix the above mentioned vulnerability.
Upstream-Status: Backport
Signed-off-by: Daniel BORNAZ <daniel.bornaz@enea.com>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Diffstat (limited to 'meta/recipes-devtools/cdrtools')
0 files changed, 0 insertions, 0 deletions