[pybsddb] Data leak in latest bsddb3/berkeleydb packages

Jesus Cea jcea at jcea.es
Wed May 14 13:31:12 CEST 2025


On 14/5/25 3:49, Jacob Henner wrote:
> Here is a simple reproducer:
> https://gist.github.com/JacobHenner/8af2eeb7bfa29475aa203abcd526dccc
> 
> The reproducer successfully reproduces the issue on Arch Linux amd64
> with libdb 6.2.32 or libdb 5.3.28 and Python 3.12.10.
> 
> Interestingly, the code segfaults with Python 3.13.3. I will create a
> separate thread for that issue.

I am talking (or trying) with Oracle about this issue. It is serious.

Do you have experience creating a CVE?

-- 
Jesús Cea Avión                         _/_/      _/_/_/        _/_/_/
jcea at jcea.es - https://www.jcea.es/    _/_/    _/_/  _/_/    _/_/  _/_/
Twitter: @jcea                        _/_/    _/_/          _/_/_/_/_/
jabber / xmpp:jcea at jabber.org  _/_/  _/_/    _/_/          _/_/  _/_/
"Things are not so easy"      _/_/  _/_/    _/_/  _/_/    _/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/        _/_/_/      _/_/  _/_/
"Love is placing your happiness in the happiness of another" - Leibniz