Red Hat Bugzilla – Bug 1277488
python-pycurl: use-after-free vulnerability in HTTPPOST when using FORM_BUFFERPTR with Unicode string
Last modified: 2016-11-08 10:54:34 EST
A use-after-free vulnerability was found in Curl object's HTTPPOST setopt when a Unicode value is passed as a value with a FORM_BUFFERPTR. The str object created from the passed in unicode object would have its buffer used but the unicode object would be stored instead of the str object.
Created python-pycurl tracking bugs for this issue:
Affects: fedora-all [bug 1277489]
Affects: epel-5 [bug 1277490]
(In reply to Adam Mariš from comment #1)
> Affects: epel-5 [bug 1277490]
How are you confirming that epel-5 is affected?
I see no CURLFORM_BUFFERPTR handling in python-pycurl-220.127.116.11-4.el5.
CURLFORM_BUFFERPTR support was only introduced in pycurl version 7.19.3. The versions used in Red Hat Enterprise Linux 7 and earlier are 7.19.0 or earlier. Therefore, no version currently in Red Hat Enterprise Linux is affected by this issue. Problem was fixed upstream 18.104.22.168.