[Twisted-Python] Issues stemming from CVE-2014-1912?
exarkun at twistedmatrix.com
Thu Feb 27 05:01:27 MST 2014
On 08:58 am, _ at lvh.io wrote:
>Hi Dustin,
>
>
>This exploit appears to be specific to how received data is written to the
>already existing buffer, so the _into forms of recv, recvfrom. Even if we
>assume there's a parallel export for regular recv_into and not just
>recvfrom_into (which hasn't been shown), Twisted never calls either of the
>_into forms.
>
>As a result, it looks like we're unaffected.
This seems correct to me.
Jean-Paul
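
Added example, not part of the original messages and not Twisted's code: one way to repeat the check described in this thread on any Python code base is to parse the source and list every call to the _into forms of recv. The function name, the sample source and the "explicit size" flag (second positional argument or an nbytes keyword, per the socket module's documented signature) are assumptions made for this illustration.

```python
import ast

# Socket methods that write received data into a caller-supplied buffer.
INTO_METHODS = {"recv_into", "recvfrom_into"}


def find_into_calls(source, filename="<constructed>"):
    """Return sorted (line, method, explicit_size) tuples for _into calls.

    Works on the syntax tree, so mentions in strings or comments are ignored.
    """
    hits = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if isinstance(func, ast.Attribute) and func.attr in INTO_METHODS:
            name = func.attr          # obj.recvfrom_into(...)
        elif isinstance(func, ast.Name) and func.id in INTO_METHODS:
            name = func.id            # bound method kept under the same name
        else:
            continue
        # Signature is method(buffer[, nbytes[, flags]]): flag calls that
        # pass a size separately from the buffer so they are reviewed first.
        explicit_size = len(node.args) >= 2 or any(
            kw.arg == "nbytes" for kw in node.keywords
        )
        hits.append((node.lineno, name, explicit_size))
    return sorted(hits)


# Constructed sample input, not taken from any real project.
SAMPLE = '''
import socket
def reader(sock, buf):
    data = sock.recv(4096)
    n = sock.recv_into(buf)
    n, addr = sock.recvfrom_into(buf, 1024)
    doc = "recvfrom_into is mentioned only in this string"
'''

if __name__ == "__main__":
    for line, method, explicit_size in find_into_calls(SAMPLE):
        print(f"line {line}: {method} (explicit size: {explicit_size})")
```

An empty result for a code base matches the "never calls either of the _into forms" conclusion above; calls made through getattr or other dynamic lookups are not seen by this static check.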