XMPP Service Operators - 2021-02-22


  1. Licaon_Kter

    Heads up #python https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177

  2. mathieui

    Licaon_Kter: sounds critical but who is passing user-generated data to ctypes?

  3. jonas’

    mathieui, step 1: take float from an API request, step 2: feed it into a library which is using ctypes?

  4. mathieui

    Yeah, I am just supposing that it is not very common to do so

  5. tom

    Not sending user-generated input to exec() like a real programmer

  6. jonas’

    I don’t quite understand the scope of the vulnerability, but to me it reads as if it may be sufficient to pass some floats to numpy

  7. jonas’

    and print the array

  8. Kris

    does anyone know something like this but less abandoned? https://github.com/rakoo/ircg

  9. Kris

    this seems even more abandoned: https://github.com/kkaefer/medium

  10. Kris

    also found this: https://github.com/moparisthebest/xmpp-ircd

  11. Kris

    not sure if any better