Full title: Python 3.5 Bytearray Pop And Remove Buffer Over-Read Vulnerability 
Category: remote exploits
Platform: python
Python versions 2.7 and 3.2 through 3.5 bytearray pop and remove methods suffer from buffer over-reads caused by memmove use under the assumption that PyByteArrayObject ob_size is less than ob_alloc, leading to a single byte over-read. This condition can be triggered by creating a bytearray from a range of length 0x10, then calling pop with a valid index.

# 0day.today @ http://0day.today/