Skip to content

IPv6 address parsing doesn't limit buffer size #128840

New issue
New issue
Open
Open
IPv6 address parsing doesn't limit buffer size#128840
Labels
stdlibPython modules in the Lib dirtype-bugAn unexpected behavior, bug, or errortype-securityA security issue
@sethmlarson

Description

@sethmlarson
sethmlarson
opened on Jan 14, 2025 · edited by bedevere-app

Bug report

Bug description:

IPv6 addresses have a maximum length (8 colon-separated parts) but the current implementation doesn't limit the length. Similar issue to django/django@ca2be77

CPython versions tested on:

CPython main branch

Operating systems tested on:

No response

Linked PRs

Activity

sethmlarson
added
type-bugAn unexpected behavior, bug, or error
type-securityA security issue
on Jan 14, 2025
picnixz
added
stdlibPython modules in the Lib dir
on Jan 14, 2025
sethmlarson
added a commit that references this issue on Jan 14, 2025

pythonGH-128840: Limit the number of parts in IPv6 address parsing

115bec4
sethmlarson
mentioned this on Jan 14, 2025
serhiy-storchaka

serhiy-storchaka commented on Jan 15, 2025

@serhiy-storchaka
serhiy-storchaka
on Jan 15, 2025
Member

I do not think this is a security issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    stdlibPython modules in the Lib dirtype-bugAn unexpected behavior, bug, or errortype-securityA security issue

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @serhiy-storchaka@picnixz@sethmlarson

        Issue actions
          IPv6 address parsing doesn't limit buffer size · Issue #128840 · python/cpython