[issue37495] [CVE-2016-10739] socket.inet_aton parsing issue on some libc versions
STINNER Victor
report at bugs.python.org
Fri Jul 5 06:19:00 EDT 2019
STINNER Victor <vstinner at redhat.com> added the comment:
I take the freedom of assigning CVE-2016-10739 to this Python issue, even if CVE-2016-10739 was reported to glibc (not to Python).
"In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings."
https://access.redhat.com/security/cve/cve-2016-10739
----------
title: socket.inet_aton parsing issue on some libc versions -> [CVE-2016-10739] socket.inet_aton parsing issue on some libc versions
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue37495>
_______________________________________
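The parsing behaviour quoted in the CVE text above can be guarded against on the caller's side. The following is an added example, not part of the original message and not the fix adopted in the Python issue: it validates the string with the standard-library `ipaddress` module before any libc parser sees it. The names `strict_inet_aton`, `libc_accepts` and `audit` are hypothetical, and the sample inputs are constructed.

```python
import ipaddress
import socket

# Constructed sample inputs (not taken from the original report).
SAMPLES = [
    "1.2.3.4",                    # canonical dotted quad
    "1.2.3.4 trailing",           # address followed by whitespace and text
    "1.2.3.4\r\nX-Injected: 1",   # address followed by an embedded header line
    "1.2.3",                      # legacy short form that inet_aton may accept
]


def strict_inet_aton(text):
    """Return the 4 packed bytes only for a canonical dotted-quad string.

    Unlike socket.inet_aton, the result does not depend on the libc version:
    any trailing whitespace or extra characters raise ValueError.
    """
    if not isinstance(text, str):
        raise TypeError("address must be a str")
    try:
        return ipaddress.IPv4Address(text).packed
    except ipaddress.AddressValueError as exc:
        raise ValueError(f"not a strict IPv4 address: {text!r}") from exc


def libc_accepts(text):
    """Report whether this platform's socket.inet_aton accepts the string."""
    try:
        socket.inet_aton(text)
    except OSError:
        return False
    return True


def audit(samples):
    """Return (input, accepted_by_libc, accepted_by_strict_check) per sample."""
    rows = []
    for s in samples:
        try:
            strict_inet_aton(s)
            strict_ok = True
        except ValueError:
            strict_ok = False
        rows.append((s, libc_accepts(s), strict_ok))
    return rows


if __name__ == "__main__":
    for text, libc_ok, strict_ok in audit(SAMPLES):
        print(f"{text!r:32} libc={libc_ok!s:5} strict={strict_ok}")
```

Rows where the libc column is true and the strict column is false are the inputs that a libc-dependent caller would treat as a valid address on this host.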