[Python-Dev] Python Remote Code Execution in socket.recvfrom_into()

Victor Stinner victor.stinner at gmail.com
Tue Feb 25 11:07:13 CET 2014


Hi,

2014-02-25 8:39 GMT+01:00 Christian Heimes <christian at python.org>:
> this looks pretty serious -- and it caught me off guard, too. :(
> https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/

I don't think that the issue is critical.

Extract from the article: "Diving into SocketServer() luckily
socket.recvfrom_into() isn’t even used". In fact, I didn't find any
usage of the method except in a unit test. Do you know which
applications are vulnerable?

Victor

