New submission from Iman Sharafodin <iman.sharafo...@gmail.com>:
I was testing the latest release of Python 3.6 (June 27, 2020) (https://www.python.org/ftp/python/3.6.11/Python-3.6.11.tgz) and I found that there is lack of enough checks on line number 956 in Objects/object.c file which can cause a segmentation fault. It could lead to security related issues. I've attached the PoC.pyc. Program received signal SIGSEGV, Segmentation fault. PyObject_SetAttr (v=v@entry=0x6d7373616c637463, name=0x7ffff7f75730, value=value@entry=0x0) at Objects/object.c:956 956 PyTypeObject *tp = Py_TYPE(v); ---------- components: Interpreter Core files: PoC.pyc messages: 372683 nosy: Iman Sharafodin priority: normal severity: normal status: open title: Lack of proper checking in PyObject_SetAttr leads to segmentation fault type: security versions: Python 3.6 Added file: https://bugs.python.org/file49280/PoC.pyc _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue41168> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
