Skip to content

UAF on fut->fut_callback0 with evil __eq__ in _asynciomodule.c #125966

New issue
New issue
Closed
Closed
UAF on fut->fut_callback0 with evil __eq__ in _asynciomodule.c#125966
Assignees
picnixz
Labels
3.12only security fixes3.13bugs and security fixes3.14bugs and security fixestopic-asynciotype-crashA hard crash of the interpreter, possibly with a core dump
@picnixz

Description

@picnixz
picnixz
opened on Oct 25, 2024

Crash report

Bug description:

This is an issue just to track the progress of fixing the UAF on fut->fut_callback0 (see #125833 (comment)).

The UAF that could be exploited by clearing fut._callbacks won't be triggered anymore since after #125922, we will not mutate the internal list itself anymore but it is still be possilbe to mutate fut->fut_callback0 directly: #125833 (comment).

CPython versions tested on:

CPython main branch

Operating systems tested on:

No response

Linked PRs

Metadata

Metadata

Assignees

Labels

3.12only security fixes3.13bugs and security fixes3.14bugs and security fixestopic-asynciotype-crashA hard crash of the interpreter, possibly with a core dump

Projects

asyncio

Status

Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions