[Python-Dev] Python Remote Code Execution in socket.recvfrom_into()

Benjamin Peterson benjamin at python.org
Tue Feb 25 15:41:17 CET 2014

On Mon, Feb 24, 2014, at 11:39 PM, Christian Heimes wrote:
> Hash: SHA512
> Hi,
> this looks pretty serious -- and it caught me off guard, too. :(
> https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/
> Next time please inform the Python Security Response Team about any
> and all issues that are related to buffer overflows or similar bugs.
> In fact please drop a note about anything that even remotely look like
> an exploitable issue. Even public bug reports should be forwarded to

I'm not sure why you think it wasn't sent to security@

More information about the Python-Dev mailing list