References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

https://github.com/python/cpython/commit/1274766d3c29007ab77245a72abbf8dce2a9db4d

https://github.com/python/cpython/commit/27522b7d6e6588f03e61099dd858cd5a9314e2f2

https://github.com/python/cpython/commit/95633d2aad4721e25e4dfd9f43dfb6e1edcbd741

The method "sock_recvfrom_into()" of "asyncio.ProacterEventLoop" (Windows only) was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected.

AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-787

https://github.com/python/cpython/issues/148808

https://github.com/python/cpython/pull/148809

https://mail.python.org/archives/list/[email protected]/thread/KWTPIQBOOOUNQP7UFSLBI437NJDFLA3F/