Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
Detailed repository view
The native Python socket module function recvfrom_into receives and writes a number of bytes from a socket into a given buffer.
This is called from Python as `socket.recvfrom_into(buffer[, nbytes[, flags]])`. The C function `sock_recvfrom_into` then creates a buffer structure `buf` for the purpose of receiving data.
`sock_recvfrom_guts` will then execute the critical write to the `cbuf` pointer as can be seen below.
Finally, one of the above `recvfrom` calls can now trigger a buffer overwrite in the provided `buf`/`cbuf` buffer.