-
-
Notifications
You must be signed in to change notification settings - Fork 34.4k
OOM vulnerability in the imaplib module #119511
Copy link
Copy link
Closed
Labels
3.10only security fixesonly security fixes3.11only security fixesonly security fixes3.12only security fixesonly security fixes3.13bugs and security fixesbugs and security fixes3.14bugs and security fixesbugs and security fixes3.8 (EOL)end of lifeend of life3.9 (EOL)end of lifeend of lifestdlibStandard Library Python modules in the Lib/ directoryStandard Library Python modules in the Lib/ directorytopic-IOtopic-emailtype-securityA security issueA security issue
Description
Metadata
Metadata
Assignees
Labels
3.10only security fixesonly security fixes3.11only security fixesonly security fixes3.12only security fixesonly security fixes3.13bugs and security fixesbugs and security fixes3.14bugs and security fixesbugs and security fixes3.8 (EOL)end of lifeend of life3.9 (EOL)end of lifeend of lifestdlibStandard Library Python modules in the Lib/ directoryStandard Library Python modules in the Lib/ directorytopic-IOtopic-emailtype-securityA security issueA security issue
The IMAP4 protocol supports "literal" syntax, when one side specifies the size of the data and then sends the specified amount of bytes. The
imaplibclient reads such data with a singleread(size)call, and therefore is affected by the general vulnerability in theread()method -- it allocates the amount of memory that came from untrusted source. Just an attempt to connect to the malicious IMAP4 server can send your Python program in swap.Linked PRs