Vigil@nce - Python 3.4: seven vulnerabilities
February 2016 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can exploit several vulnerabilities in Python 3.4.
Impacted products: Python.
Severity: 2/4.
Creation date: 21/12/2015.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Python 3.4.
An attacker can generate an integer overflow in the Iterator object,
in order to trigger a denial of service, and possibly to run code.
[severity:2/4; 22939]
An attacker can generate a buffer overflow in Slice, in order to
trigger a denial of service, and possibly to run code.
[severity:2/4; 23985]
An attacker can generate a buffer overflow in _Unpickler_Read, in
order to trigger a denial of service, and possibly to run code.
[severity:1/4]
An attacker can force the use of a freed memory area in _pickle,
in order to trigger a denial of service, and possibly to run code.
[severity:2/4; 24552]
An attacker can generate an integer overflow in pickle, in order
to trigger a denial of service, and possibly to run code.
[severity:2/4; 24521]
An attacker can use a vulnerability in dumbdbm, in order to
execute code. [severity:2/4; 22885]
An attacker can generate a buffer overflow in the unicodedata module,
in order to trigger a denial of service, and possibly to execute
code. [severity:2/4; 23367]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Python-3-4-seven-vulnerabilities-18570