[Python-Dev] XML DoS vulnerabilities and exploits in Python
Christian Heimes
christian at python.org
Wed Feb 20 22:55:57 CET 2013
More information about the Python-Dev mailing list
Wed Feb 20 22:55:57 CET 2013
- Previous message: [Python-Dev] XML DoS vulnerabilities and exploits in Python
- Next message: [Python-Dev] XML DoS vulnerabilities and exploits in Python
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Am 20.02.2013 21:17, schrieb Maciej Fijalkowski: > On Wed, Feb 20, 2013 at 8:24 PM, Christian Heimes <christian at python.org> wrote: >> Am 20.02.2013 17:25, schrieb Benjamin Peterson: >>> Are these going to become patches for Python, too? >> >> I'm working on it. The patches need to be discussed as they break >> backward compatibility and AFAIK XML standards, too. > > That's not very good. XML parsers are supposed to parse XML according > to standards. Is the goal to have them actually do that, or just > address DDOS issues? But the standard is flawed. It's not a distributed DoS issue, it's a severe DoS vulnerabilities. A single 1 kB XML document can kill virtually any machine, even servers with more than hundred GB RAM.
- Previous message: [Python-Dev] XML DoS vulnerabilities and exploits in Python
- Next message: [Python-Dev] XML DoS vulnerabilities and exploits in Python
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-Dev mailing list