[docs] Potential vulnerabilities in python (2.7.8)

Hádrian R romerox.adrian at gmail.com
Wed Aug 13 00:55:10 CEST 2014

Hi, I'm Hádrien Romero Soria - @Kaiwaiata​​, I am a 16 year old boy,
passionate about computer security, since more than 2h searching and
finding various possible vulnerabilities in source code of python..
I will tell you some vulnerabilities now, if they treat me well I will tell
the other..

foolish or important things?

*#* unsafe use of *strcpy()*:

*lines: 83: strcpy(buf, path);*

*lines: **437: **strcpy(buf, path);*

*lines: 704: **strcpy(path, archive);*

*#* if an attacker manages to take control of '*buf, path, archive'*, may
cause a *buffer overflow*, probably if which would be directed toward
*.bss *it's not too dangerous but is a vulnerability.

i hope answer, thanks a lot!,
HádrienR - kaiwaiata.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/docs/attachments/20140813/28cecb49/attachment.html>

More information about the docs mailing list