28 matches found
CVE-2024-12254
Starting in Python 3.12.0, the asyncio.SelectorSocketTransport.writelines method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer...
PSF-2024-14
Starting in Python 3.12.0, the asyncio.SelectorSocketTransport.writelines method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer...
CVE-2024-12254 Unbounded memory buffering in SelectorSocketTransport.writelines()
Starting in Python 3.12.0, the asyncio.SelectorSocketTransport.writelines method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer...
CVE-2024-12254
Summary (CVE-2024-12254): In Python 3.12.0+ the asyncio._SelectorSocketTransport.writelines() path may fail to pause and drain the write buffer at the high-water mark, causing unbounded memory buffering and potential exhaustion. Affected: Python 3.12.x with asyncio protocols using writelines(); r...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the SelectorSocketTransport.writelines method not draining its buffers, when Protocols are in use. An attacker can cause this behavior which eventually exhausts available memor...
Python 安全漏洞
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python 3.12.0 and later, which stems from the fact that the...
R Command Shell, Reverse TCP
Connect back and create a command shell via R This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 150 include Msf::Payload::Single include Msf::Payload::R include...
R Command Shell, Bind TCP
Continually listen for a connection and spawn a command shell via R This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 125 include Msf::Payload::Single include Msf::Payload::R include...