[Python-Dev] Python Remote Code Execution in socket.recvfrom_into()

Chris Angelico rosuav at gmail.com
Tue Feb 25 14:12:15 CET 2014


On Wed, Feb 26, 2014 at 12:07 AM, Maciej Fijalkowski <fijall at gmail.com> wrote:
> No, the hash randomization is broken, it does not provide enough
> randomness (without changing the hash function which only happened in
> 3.4+)

Hmm, I don't remember reading about that - got a link to more info? Or
was that report kept quieter?

ChrisA


More information about the Python-Dev mailing list