472,328 Members | 1,776 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 472,328 software developers and data experts.

SECURITY ADVISORY [PSF-2006-001] Buffer overrun in repr() for UCS-4encoded unicode strings

Buffer overrun in repr() for UCS-4 encoded unicode strings


Advisory ID: PSF-2006-001
Issue Date: October 12, 2006
Product: Python
Versions: 2.2, 2.3, 2.4 prior to 2.4.4, wide unicode (UCS-4) builds only
CVE Names: CAN-2006-4980

Python is an interpreted, interactive, object-oriented programming language.
It is often compared to Tcl, Perl, Scheme or Java.

The Python development team has discovered a flaw in the repr() implementation
of Unicode string objects which can lead to execution of arbitrary code due
to an overflow in a buffer allocated with insufficient size.

The flaw only manifests itself in Python builds configured to support UCS-4
Unicode strings (using the --enable-unicode=ucs4 configure flag). This is
still not the default, which is why the vulnerability should not be present
in most Python builds out there, especially not the builds for the Windows or
Mac OS X platform provided by www.python.org.

You can find out whether you are running a UCS-4 enabled build by looking at
the sys.maxunicode attribute: it is 65535 in a UCS-2 build and 1114111 in a
UCS-4 build.

More information can be found in this posting to the python-dev mailing list:

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2006-4980 to this issue.

Python 2.4.4 will be released from www.python.org next week containing a fix
for this issue. A release candidate of 2.4.4 is already available containing
the fix. Python 2.5 also already contains the fix and is not vulnerable.

Patches for Python 2.2, 2.3 and 2.4 are also immediately available:

* http://python.org/files/news/securit.../patch-2.3.txt
(Python 2.2, 2.3)
* http://python.org/files/news/securit.../patch-2.4.txt
(Python 2.4)

Acknowledgement: thanks to Benjamin C. Wiley Sittler for discovering this

The official URL for this security advisory is

Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQBFLe9wDt3F8mpFyBYRAqjoAJ9nautQiN193DgARfx2nK WOPrKFXQCeOafq

Oct 12 '06 #1
0 1556

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

by: Supernews | last post by:
I work for Macromedia and we are looking to form advisory groups to better understand the needs of developers and inform future product development....
by: Tim Tyler | last post by:
Here's what this morning's security advisory read here: ``In the last 3 months we have noticed an marked increase in the number of web-server...
by: Stephan Deibel | last post by:
Hi, As the holiday season ends and a new year approaches, I would like to take this opportunity to thank everyone that donated to the Python...
by: Stephan Deibel | last post by:
Hi, Just wanted to follow up on my earlier message requesting donations to the Python Software Foundation. The PSF has now announced the...
by: Alan McIntyre | last post by:
Hi all, I asked the PSF folks if they plan on offering a subscription donation option, and they do eventually, if there's enough interest. If...
by: PayPal | last post by:
<HTML> <HEAD> <META NAME="GENERATOR" Content="Microsoft DHTML Editing Control"> <TITLE></TITLE> </HEAD> <BODY> <STYLE type=text/css> ..dummy...
by: Bangalore | last post by:
Hi, Plz, clarify me , with the differences between advisory lock and mandatory locks. Thnanks in advance Bangalore.
by: DFS | last post by:
Architecture: Access 2003 client, Oracle 9i repository, no Access security in place, ODBC linked tables. 100 or so users, in 3 or 4 groups...
by: darren via AccessMonster.com | last post by:
Hi I've seen details on bypassing macro security with a bat file but has any one incorporated this with Tony Toews FE Updater? If so, I'd...
by: =?iso-8859-1?B?QW5kcuk=?= | last post by:
A security hole has been uncovered in Crunchy (version and earlier). Anyone using Crunchy to browse web tutorials should only visit sites...
by: tammygombez | last post by:
Hey everyone! I've been researching gaming laptops lately, and I must say, they can get pretty expensive. However, I've come across some great...
by: teenabhardwaj | last post by:
How would one discover a valid source for learning news, comfort, and help for engineering designs? Covering through piles of books takes a lot of...
by: Kemmylinns12 | last post by:
Blockchain technology has emerged as a transformative force in the business world, offering unprecedented opportunities for innovation and...
by: CD Tom | last post by:
This happens in runtime 2013 and 2016. When a report is run and then closed a toolbar shows up and the only way to get it to go away is to right...
by: CD Tom | last post by:
This only shows up in access runtime. When a user select a report from my report menu when they close the report they get a menu I've called Add-ins...
by: jalbright99669 | last post by:
Am having a bit of a time with URL Rewrite. I need to incorporate http to https redirect with a reverse proxy. I have the URL Rewrite rules made...
by: antdb | last post by:
Ⅰ. Advantage of AntDB: hyper-convergence + streaming processing engine In the overall architecture, a new "hyper-convergence" concept was...
by: Matthew3360 | last post by:
Hi there. I have been struggling to find out how to use a variable as my location in my header redirect function. Here is my code. ...
by: Matthew3360 | last post by:
Hi, I have a python app that i want to be able to get variables from a php page on my webserver. My python app is on my computer. How would I make it...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.