[Twisted-Python] Issues stemming from CVE-2014-1912?

Dustin J. Mitchell dustin at v.igoro.us
Wed Feb 26 19:02:34 MST 2014


https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/
identified a remote code execution vulnerability in Python's
`Socket.recvfrom_into method`.  Some brief grepping around the Twisted
source doesn't find this method, but I'd be interested to hear what
the maintainers have to say on the matter: is a twisted app which
doesn't, itself use this method safe?

Dustin



More information about the Twisted-Python mailing list