python: overflow with large buffer sizes and/or offsets (CVE-2014-7185)
Python 2.7.8 fixes a potential wraparound in buffer() with possible CWE-200 implications.
Note: Though the request is for Python 2.7, vulnerable code appears to exist in EOL’d versions 1.6.1 through 2.6.9 as well.
References:
http://seclists.org/oss-sec/2014/q3/638
http://bugs.python.org/issue21831
(from redmine: issue id 3461, created on 2014-10-17, closed on 2014-10-23)
- Relations:
  - child #3462 (closed)
  - child #3463 (closed)
  - child #3464 (closed)
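
The wraparound class this issue describes, as an added C illustration that is not CPython's source and not part of the original report: a bounds check that adds offset and size can wrap, so an oversized length survives the clamp and a later read would run past the object (the CWE-200 concern). The function names, the use of unsigned `size_t` (to keep the overflow well defined) and the sample values are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model (assumption, not CPython source): a view exposes `size`
 * bytes starting at `offset` inside an object that holds `count` bytes.
 * size_t is used so the wraparound is well defined in C. */

/* Flawed clamp: offset + size can wrap past SIZE_MAX, so the comparison
 * sees a small sum and leaves an oversized length untouched. */
size_t clamp_wrapping(size_t count, size_t offset, size_t size)
{
    if (offset > count)
        offset = count;
    if (offset + size > count)
        size = count - offset;
    return size;
}

/* Hardened clamp: compare against the remaining space instead of adding.
 * offset <= count holds here, so count - offset cannot underflow. */
size_t clamp_checked(size_t count, size_t offset, size_t size)
{
    if (offset > count)
        offset = count;
    if (size > count - offset)
        size = count - offset;
    return size;
}

int main(void)
{
    /* Constructed values: 16-byte object, view at offset 8, huge length. */
    size_t count = 16, offset = 8, size = SIZE_MAX - 3;

    printf("wrapping: %zu bytes exposed\n", clamp_wrapping(count, offset, size));
    printf("checked:  %zu bytes exposed\n", clamp_checked(count, offset, size));
    return 0;
}
```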