zlib vulnerabilities and python

Erno Kuusela erno-news at erno.iki.fi
Wed Mar 13 06:59:31 EST 2002


In article <e_Dj8.31522$l93.6228619 at newsb.telia.net>, "Fredrik Lundh"
<fredrik at pythonware.com> writes:

| Robin Becker wrote:
|| Does the recent zlib double free vulnerability impact zlib.pyd?
| only if the guys implementing your C library decided to
| interpret "undefined behaviour" as "force the operating system
| to run code designed to take over the computer".
|
| dunno about MSVC; the CRT documentation only says that
| things like this may "cause errors".

many malloc implementations use doubly linked lists in a way that
could make them vulnerable to this sort of exploit. the above sort of
speculation can be counterproductive if you don't have hard data. it
may subtract from the motivation of people considering an upgrade, and
leave them vulnerable when the exploits surface.

for the general idea see
e.g. http://security-archive.merton.ox.ac.uk/bugtraq-200010/0084.html

  -- erno
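
An added example, not part of the original post: a toy circular doubly linked free list showing why a second free() of the same chunk breaks the list's invariants, and how a checked free path rejects it. The chunk layout and all function names are hypothetical and model no particular malloc implementation.

```c
#include <stdio.h>

/* Toy model of a heap chunk (constructed; not any real allocator's layout). */
struct chunk {
    struct chunk *fd, *bk;  /* free-list links, meaningful only while free */
    int in_use;
};
static struct chunk head;   /* sentinel of a circular doubly linked free list */
static struct chunk c;      /* the one chunk the demos allocate and free */

static void reset(void) { head.fd = head.bk = &head; c.in_use = 1; }

/* Unchecked free: links the chunk in unconditionally. */
static void naive_free(struct chunk *p) {
    p->fd = head.fd;
    p->bk = &head;
    head.fd->bk = p;
    head.fd = p;
    p->in_use = 0;
}

/* Checked free: refuses a chunk that is already free. */
static int checked_free(struct chunk *p) {
    if (!p->in_use) return -1;      /* double free detected, list untouched */
    naive_free(p);
    return 0;
}

/* Invariant of a sound list: each node's neighbours point back at it. */
static int list_consistent(void) {
    struct chunk *n = &head;
    for (int i = 0; i < 8; i++) {   /* bounded: a corrupt list may never close */
        if (n->fd->bk != n || n->bk->fd != n)
            return 0;
        n = n->fd;
        if (n == &head) return 1;
    }
    return 0;
}

/* Double free through the unchecked path; returns 0 (list corrupted). */
int demo_naive(void) { reset(); naive_free(&c); naive_free(&c); return list_consistent(); }
/* Same sequence through the checked path; returns 1 (second free rejected). */
int demo_checked(void) {
    reset();
    return checked_free(&c) == 0 && checked_free(&c) == -1 && list_consistent();
}

int main(void) {
    printf("naive consistent=%d, checked ok=%d\n", demo_naive(), demo_checked());
}
```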
