Subscribe via feed.

Python 3.5 time_strftime() Buffer Over-Read

Posted by deepcore on November 3, 2015 – 1:53 pm

Python 3.5 suffers from a vulnerability caused by the behavior of the time_strftime() function. When called, the function loops over the format string provided, using strchr to search for each instance of ‘%’. After finding a ‘%’, it continues to search two characters ahead, assuming that each instance is the beginning of a well formed format string token. However, if a string ends with ‘%’, this logic will result in a call to strchr that reads off the end of the format string buffer.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.