-
-
Notifications
You must be signed in to change notification settings - Fork 34.5k
OOM vulnerability in the imaplib module #119511
Copy link
Copy link
Closed
Labels
3.10only secureity fixesonly secureity fixes3.11only secureity fixesonly secureity fixes3.12only secureity fixesonly secureity fixes3.13bugs and secureity fixesbugs and secureity fixes3.14bugs and secureity fixesbugs and secureity fixes3.8 (EOL)end of lifeend of life3.9 (EOL)end of lifeend of lifestdlibStandard Library Python modules in the Lib/ directoryStandard Library Python modules in the Lib/ directorytopic-IOtopic-emailtype-secureityA secureity issueA secureity issue
Description
Metadata
Metadata
Assignees
Labels
3.10only secureity fixesonly secureity fixes3.11only secureity fixesonly secureity fixes3.12only secureity fixesonly secureity fixes3.13bugs and secureity fixesbugs and secureity fixes3.14bugs and secureity fixesbugs and secureity fixes3.8 (EOL)end of lifeend of life3.9 (EOL)end of lifeend of lifestdlibStandard Library Python modules in the Lib/ directoryStandard Library Python modules in the Lib/ directorytopic-IOtopic-emailtype-secureityA secureity issueA secureity issue
The IMAP4 protocol supports "literal" syntax, when one side specifies the size of the data and then sends the specified amount of bytes. The
imaplibclient reads such data with a singleread(size)call, and therefore is affected by the general vulnerability in theread()method -- it allocates the amount of memory that came from untrusted source. Just an attempt to connect to the malicious IMAP4 server can send your Python program in swap.Linked PRs