[New-bugs-announce] [issue13891] CPU DoS With Python's socket module

John Zimmerman report at bugs.python.org
Fri Jan 27 18:33:53 CET 2012

New submission from John Zimmerman <johzimme at cisco.com>:

Python's socket module as included in Ubuntu Lucid (python version 2.6.5) does not correctly handle and exclude malformed UDP packets. This means that UDP listening programs written in python on this version are susceptible to malformed-UDP-packet based DoS attacks which cause severe CPU spikes in the python process. The spikes to recover once the attacks cease. If malformed UDP packets are properly identified in the library and excluded this will protect all UDP listening software written in python and using the standard sockets module from similar attacks. Currently all such software is vulnerable to such attacks.

components: Library (Lib)
messages: 152103
nosy: johzimme
priority: normal
severity: normal
status: open
title: CPU DoS With Python's socket module
type: security
versions: Python 2.6

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list