Buffer Overflow Vulnerability in _Py_wreadlink Function · Issue #136062 · python/cpython · GitHub

Buffer Overflow Vulnerability in _Py_wreadlink Function #136062

Closed as not planned
@akshat62


Bug report

Bug description:

Discovered a buffer overflow vulnerability in the _Py_wreadlink function in Python's core codebase. This function, which reads the value of a symbolic link, fails to properly null-terminate the output buffer in certain edge cases, potentially leading to buffer overruns.

The function uses wcsncpy to copy a wide character string but doesn't guarantee null-termination:

wcsncpy(buf, wbuf, buflen);

Reproduction

The issue can be reproduced in any scenario where _Py_wreadlink is called with a symbolic link whose content length is exactly one less than the provided buffer size.

CPython versions tested on:

CPython main branch

Operating systems tested on:

Linux

Labels

interpreter-core (Objects, Python, Grammar, and Parser dirs)
pending (The issue will be closed if no feedback is provided)
type-bug (An unexpected behavior, bug, or error)
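
The C library behaviour the report turns on, as an added example (not part of the issue and not CPython code): wcsncpy(buf, src, n) writes a terminating L'\0' only when src is shorter than n wide characters. The helper names, the 64-element scratch buffer and the sample link targets are assumptions constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>

#define SCRATCH 64  /* constructed upper bound for the demo buffer */

/* 1 if a L'\0' lies within the first buflen elements of buf, else 0. */
int is_terminated(const wchar_t *buf, size_t buflen)
{
    return wmemchr(buf, L'\0', buflen) != NULL;
}

/* Bare call in the form quoted in the report: pre-fill the buffer with a
 * non-zero sentinel, copy, then check whether a terminator was written. */
int bare_copy_terminates(const wchar_t *src, size_t buflen)
{
    wchar_t buf[SCRATCH];
    if (buflen == 0 || buflen > SCRATCH)
        return -1;
    wmemset(buf, L'#', SCRATCH);
    wcsncpy(buf, src, buflen);
    return is_terminated(buf, buflen);
}

/* Hypothetical hardened copy: measure first, refuse anything that does not
 * fit together with its terminator, and only then copy len + 1 elements. */
int checked_wcopy(wchar_t *buf, size_t buflen, const wchar_t *src)
{
    size_t len = wcslen(src);
    if (buflen == 0 || len >= buflen) {
        errno = EINVAL;
        return -1;
    }
    wmemcpy(buf, src, len + 1);
    return (int)len;
}

int main(void)
{
    /* Constructed link targets of 7, 8 and 11 wide characters. */
    const wchar_t *targets[] = { L"target7", L"target_8", L"target_nine" };
    wchar_t out[8];
    for (size_t i = 0; i < 3; i++)
        printf("len=%zu buflen=8 bare_terminated=%d checked=%d\n",
               wcslen(targets[i]), bare_copy_terminates(targets[i], 8),
               checked_wcopy(out, 8, targets[i]));
    return 0;
}
```
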
