[$] A Python security fix breaks (some) bignums
Wednesday, September 14, 2022, 01:38 PM, from LWN.net
Typically, an urgent security release of a project is not for a two-year-old CVE, but such is the case for a recent Python release of four versions of the language. The bug is a denial of service (DoS) that can be caused by converting enormous numbers to strings—or vice versa—but it was not deemed serious enough to fix when it was first reported. Evidently more recent reports, including a remote exploit of the bug, have raised its importance—causing a rushed-out fix. But the fix breaks some existing Python code, and the process of handling the incident has left something to be desired, leading the project to look at ways to improve its processes.
https://lwn.net/Articles/907572/