search

steeve / python-lz4

LZ4 bindings for python
http://github.com/steeve/python-lz4
106 stars 31 forks source link

Addressing CVE-2014-4715 #24

Closed securitymouse closed 10 years ago

securitymouse commented 10 years ago

Please update the python-lz4 distribution to address the critical memory corruption flaw CVE-2014-4715. The python bindings have been found to be remotely exploitable when abused with this vulnerability.

http://www.cvedetails.com/cve/CVE-2014-4715 http://blog.securitymouse.com/2014/07/i-was-wrong-proving-lz4-exploitable.html

Thank you, Lab Mouse Security

securitymouse commented 10 years ago

Excellent. Thanks for closing this out quickly, Steeve!

D

On Mon, Jul 7, 2014 at 7:03 AM, Steeve Morin notifications@github.com wrote:

Closed #24 https://github.com/steeve/python-lz4/issues/24 via 76c27bf https://github.com/steeve/python-lz4/commit/76c27bf5d52637b9a12de33b95bd884da2fed64d .

— Reply to this email directly or view it on GitHub https://github.com/steeve/python-lz4/issues/24#event-138723886.