Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce - Python: incorrect decoding of UTF-16

May 2012 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

When a Python application decodes UTF-16 data containing errors, a desynchronization occurs, which leads to a memory read or corruption.

Severity: 2/4

Creation date: 25/04/2012

IMPACTED PRODUCTS

- Microsoft Windows - plateform
- Unix - plateform

DESCRIPTION OF THE VULNERABILITY

The UTF-16 encoding is used to represent Unicode characters on two bytes.

When UTF-16 data contain invalid characters, the unicode_decode_call_errorhandler() function is called. However, it does not update the aligned_end variable. Data which are processed later are thus incorrectly managed.

When a Python application decodes UTF-16 data containing errors, a desynchronization therefore occurs, which leads to a memory read or corruption.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/P...




See previous articles

    

See next articles