[New-bugs-announce] [issue41168] Lack of proper checking in PyObject_SetAttr leads to segmentation fault
Iman Sharafodin
report at bugs.python.org
Tue Jun 30 08:04:44 EDT 2020
New submission from Iman Sharafodin <iman.sharafodin at gmail.com>:
I was testing the latest release of Python 3.6 (June 27, 2020) (https://www.python.org/ftp/python/3.6.11/Python-3.6.11.tgz) and I found that there is lack of enough checks on line number 956 in Objects/object.c file which can cause a segmentation fault. It could lead to security related issues. I've attached the PoC.pyc.
Program received signal SIGSEGV, Segmentation fault.
PyObject_SetAttr (v=v at entry=0x6d7373616c637463, name=0x7ffff7f75730, value=value at entry=0x0) at Objects/object.c:956
956 PyTypeObject *tp = Py_TYPE(v);
----------
components: Interpreter Core
files: PoC.pyc
messages: 372683
nosy: Iman Sharafodin
priority: normal
severity: normal
status: open
title: Lack of proper checking in PyObject_SetAttr leads to segmentation fault
type: security
versions: Python 3.6
Added file: https://bugs.python.org/file49280/PoC.pyc
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue41168>
_______________________________________
More information about the New-bugs-announce
mailing list