[Python-Dev] Fuzzing the Python standard library
Michael Selik
mike at selik.org
Tue Jul 17 18:15:09 EDT 2018
On Tue, Jul 17, 2018 at 4:57 PM Jussi Judin <jjudin+python at iki.fi> wrote:
> Quick answer: undocumented billion laughs/exponential entity expansion
> type of an attack that is accessible through web through any library that
> uses fractions module to parse user input (that are actually available on
> Github).
>
Are you suggesting a warning in the fractions documentation to mention that
large numbers require large amounts of memory?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20180717/45d02a2a/attachment.html>
More information about the Python-Dev
mailing list