New submission from Dhiraj :
Hi Team,
I have compiled cpython via clang using ASAN and memory leak was observed.
After successful build of python,
1. Run python
2. Ctrl + D
==21461==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 257790 byte(s) in 93 object(s) allocated from
New submission from Dhiraj :
File: /cpython/blob/master/Modules/posixmodule.c#L2657
#endif
result = access(path->narrow, mode);
Py_END_ALLOW_THREADS
return_value = !result;
#endif
If an attacker could change anything along the path between the call `access()`
and the fi
New submission from Dhiraj:
When Python Server receives a string of '/xff' (5 or more) from a page after
completing a handshake, the tab immediately crashes. There are variations of
this string with other characters mixed in that also cause an immediate close
of python server.
To reproduce
Dhiraj added the comment:
Sorry , for replying to late , But yes if the script is run , again and again
the application throws the python error and the Server gets crashed.
I request to have a look on it.
--
___
Python tracker <
New submission from Dhiraj:
Hello Sir ,
The Module of Python " -m SimpleHTTPServer " is vulnerable to Buffer Over Flow.
Step :
I have prepared a python script which is sending more than 5000+ Values to the
Module in GET Method , and as soon as , I run that Script , the
Changes by Dhiraj <mishra.dhira...@gmail.com>:
--
resolution: duplicate -> fixed
___
Python tracker <rep...@bugs.python.org>
<http://bugs.pyt
Dhiraj added the comment:
Please ha Look on issue 11980
http://bugs.python.org/issue11980
Already have been Patched
--
nosy: +DhirajMishra
___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/i
Dhiraj added the comment:
Even the IDLE of Python is Vulnerable to CGI.ESCAPE() Please have a look on
attachments , I hope this would be Patch Soon.
Thank You
--
nosy: +dstufft, gregory.p.smith
type: -> security
Added file: http://bugs.python.org/file42013/Python-IDLE-
Dhiraj added the comment:
Hello @Georg Brandl PFA you'll be happy to find that python3.x is still
vulnerable to cgi.escape() the module is not able to escape some values and can
lead to XSS also.
As @Martin Panter said now cgi.escape() is been replaced to html.escape()
so accordingly
Dhiraj added the comment:
Hello @martin.panter okay But still the module cgi.escape() Vulnerable if the
Python Docs have created a new html.escape so you might remove the cgi.escape()
or Implement the quote = True in cgi.escape() Predefine as its in html.escape
because Developer mostly use
New submission from Dhiraj:
The Pre-defined Module cgi.escape() can lead to XSS or HTMLi
in every Version of Python.
Example :
import cgi
test = "Vulnerable"
cgi.escape(test)
Works Properly all the Charters are escape properly but ,
Example 2:
import cgi
test2 = ' " '
c
11 matches
Mail list logo
