—

PYSEC-2015-35

Details

Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / dulwich

Introduced in: 0 Fixed in: 0.9.9

Fix pip install --upgrade 'dulwich>=0.9.9'

References

http://www.debian.org/security/2015/dsa-3206 [ADVISORY]
https://lists.launchpad.net/dulwich-users/msg00829.html [WEB]
https://github.com/advisories/GHSA-vjjf-3rvg-gv3v [ADVISORY]