Vigil@nce - Python: eight vulnerabilities
July 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can exploit several vulnerabilities in Python.
Impacted products: Python
Severity: 2/4
Creation date: 26/05/2015
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Python.
An attacker can generate a buffer overflow in
PyUnicode_FromFormatV, in order to trigger a denial of service,
and possibly to execute code. [severity:2/4; 23055]
An attacker can use a vulnerability in dumbdbm, in order to
execute code. [severity:2/4; 22885]
An attacker can generate a buffer overflow in the unicodedata module,
in order to trigger a denial of service, and possibly to execute
code. [severity:2/4; 23367]
An attacker can generate a buffer overflow in
itertools.permutations, in order to trigger a denial of service,
and possibly to execute code. [severity:2/4; 23363]
An attacker can generate a buffer overflow in itertools.product, in
order to trigger a denial of service, and possibly to execute
code. [severity:2/4; 23364]
An attacker can generate a buffer overflow in
itertools.combinations_with_replacement, in order to trigger a
denial of service, and possibly to execute code. [severity:2/4;
23365]
An attacker can generate a buffer overflow in
itertools.combinations, in order to trigger a denial of service,
and possibly to execute code. [severity:2/4; 23366]
An attacker can create a socket leak in HTTPConnection.getresponse,
in order to trigger a denial of service. [severity:2/4; 21032]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Python-eight-vulnerabilities-16985