[Python-modules-team] Bug#587700: python-cjson: CVE-2010-1666: buffer overflow
Raphael Geissert
geissert at debian.org
Wed Jun 30 23:17:08 UTC 2010
Package: python-cjson
Severity: grave
Tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was published for
python-cjson.
Quoting the original bug report[1]:
> There is a buffer overrun in cjson 1.0.5, on UCS4 builds. The string length
> is only resized for wide unicode characters if there is less than 12 bytes
> of space left. Padding with narrow-but-escaped characters prevents string
> resizing.
>
> The following line exhibits the overrun (it *may* segfault or display
> garbage, etc):
> >>> cjson.encode(u'\U0001D11E\U0001D11E\U0001D11E\U0001D11E\u1234\u1234\u1234\u1234\u1234\u1234')
>
> (u'\U0001D11E\u1234' also breaks, but sometimes goes undetected.)
This issue has been assigned CVE-2010-1666.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
If possible, please provide packages for stable (to be released via the
security archive.)
For further information see:
[1]https://bugs.launchpad.net/ubuntu/+source/python-cjson/+bug/585274
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
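
Added example, not part of the original message and not cjson's code: a C encoder for the same `\uXXXX` escaping on 32-bit code points that computes how many bytes each character needs and checks the remaining space before every write, wide or narrow. The function names and the constructed input in `main` are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Worst case: every code point is non-BMP and becomes a 12-byte surrogate
 * pair escape, plus two quotes and a terminating NUL. */
size_t json_escape_bound(size_t n_codepoints) {
    return 12 * n_codepoints + 3;
}

/* Escape n UCS4 code points into out (capacity cap, NUL included).
 * Returns bytes written excluding the NUL, or -1 if out is too small. */
long json_escape_ucs4(const uint32_t *in, size_t n, char *out, size_t cap) {
    size_t pos = 0;
    if (cap < 3) return -1;                 /* room for "" and NUL */
    out[pos++] = '"';
    for (size_t i = 0; i < n; i++) {
        uint32_t ch = in[i];
        /* Bytes this code point needs, decided before anything is written. */
        size_t need = ch >= 0x10000 ? 12 : (ch >= 0x7f || ch < 0x20) ? 6
                    : (ch == '"' || ch == '\\') ? 2 : 1;
        /* Checked for every character, not only wide ones; 2 bytes are
         * held back for the closing quote and NUL. */
        if (ch > 0x10FFFF || need > cap - pos - 2) return -1;
        if (need == 12) {                   /* UTF-16 surrogate pair */
            uint32_t v = ch - 0x10000;
            pos += (size_t)snprintf(out + pos, 13, "\\u%04x\\u%04x",
                (unsigned)(0xD800 | (v >> 10)), (unsigned)(0xDC00 | (v & 0x3FF)));
        } else if (need == 6) {
            pos += (size_t)snprintf(out + pos, 7, "\\u%04x", (unsigned)ch);
        } else {
            if (need == 2) out[pos++] = '\\';
            out[pos++] = (char)ch;
        }
    }
    out[pos++] = '"';
    out[pos] = '\0';
    return (long)pos;
}

int main(void) {
    /* Constructed input: the code points from the report's cjson.encode() line. */
    uint32_t in[10] = {0x1D11E, 0x1D11E, 0x1D11E, 0x1D11E,
                       0x1234, 0x1234, 0x1234, 0x1234, 0x1234, 0x1234};
    char out[123];                          /* json_escape_bound(10) */
    long n = json_escape_ucs4(in, 10, out, sizeof out);
    printf("%ld %s\n", n, n < 0 ? "(buffer too small)" : out);
    return 0;
}
```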