[Python-Dev] Python Remote Code Execution in socket.recvfrom_into()

Antoine Pitrou solipsis at pitrou.net
Tue Feb 25 14:17:28 CET 2014

On Tue, 25 Feb 2014 08:08:09 -0500
Donald Stufft <donald at stufft.io> wrote:
> Hash randomization is broken and doesn’t fix anything.

Not sure what you mean with "doesn't fix anything". Hash collisions were
easy to exploit pre-hash randomization, they doesn't seem as easy to
exploit with it.



More information about the Python-Dev mailing list