[Twisted-Python] Issues stemming from CVE-2014-1912?

Laurens Van Houtven _ at lvh.io
Thu Feb 27 01:58:02 MST 2014


Hi Dustin,


This exploit appears to be specific to how received data is written to the
already existing buffer, so the _into forms of recv, recvfrom. Even if we
assume there's a parallel export for regular recv_into and not just
recvfrom_into (which hasn't been shown), Twisted never calls either of the
_into forms.

As a result, it looks like we're unaffected.


hth
lvh
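
The "never calls either of the _into forms" check above can be repeated on any code base with a short AST scan. This is an added example, not part of the original message and not Twisted code; `find_into_calls` and the sample sources are hypothetical names and constructed input. It also records whether an explicit size argument is passed, since those are the calls to compare against the buffer length first.

```python
import ast
import sys

INTO_METHODS = {"recv_into", "recvfrom_into"}

def find_into_calls(source, filename="<src>"):
    """Return sorted (line, method, kind) tuples for every use of an _into form.

    kind is "call", "call+nbytes" (explicit size argument present) or
    "string-ref" (the method name appears as a string, e.g. via getattr).
    """
    hits = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
            if node.func.attr in INTO_METHODS:
                # Method call: args[0] is the buffer, args[1] the size.
                sized = len(node.args) >= 2 or any(
                    kw.arg == "nbytes" for kw in node.keywords)
                kind = "call+nbytes" if sized else "call"
                hits.append((node.lineno, node.func.attr, kind))
        elif isinstance(node, ast.Constant) and node.value in INTO_METHODS:
            # Dynamic lookup such as getattr(sock, "recv_into").
            hits.append((node.lineno, node.value, "string-ref"))
    return sorted(hits)

# Constructed sample input (not taken from any real project).
SAMPLE_CLEAN = '''
def do_read(skt, size):
    return skt.recv(size)
'''

SAMPLE_FLAGGED = '''
import socket
buf = bytearray(1024)
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
n, addr = s.recvfrom_into(buf, nbytes)
m = s.recv_into(buf)
fn = getattr(s, "recvfrom_into")
'''

if __name__ == "__main__":
    # Usage: python audit_into.py file1.py file2.py ...
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            for line, method, kind in find_into_calls(fh.read(), path):
                print(f"{path}:{line}: {method} ({kind})")
```

An empty result covers only direct attribute calls and string references in the scanned files; C extensions and aliased bound methods need a separate look.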