Tornado: Buffer Overread in tornado.speedups websocket_mask
What changed
Tornado's optional native extension `tornado.speedups` has a bug in `websocket_mask`: when the `mask` argument is shorter than four bytes, the routine reads past the end of the provided buffer and can expose up to 3 bytes of uninitialized memory.
Who it affects
Users of Tornado with `xsrf_cookies=True` and the native extension enabled.
What to do today
Upgrade to Tornado 6.5.6, or set the environment variable `TORNADO_EXTENSION=0` to disable the vulnerable native code.
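The following is an added example, not code from Tornado or from this advisory. It shows the property the native routine was missing: a masking function that refuses any mask that is not exactly four bytes instead of indexing past it, together with a small helper that reports whether the native extension would be active in the current process. The masking logic is the standard RFC 6455 XOR (`data[i] ^ mask[i % 4]`); the env-var check only mirrors the `TORNADO_EXTENSION=0` switch described above, and the helper does not require Tornado to be installed.

```python
import os


def websocket_mask_safe(mask: bytes, data: bytes) -> bytes:
    """Mask or unmask a WebSocket payload (RFC 6455 section 5.3).

    Each payload byte is XORed with mask[i % 4]. A C routine that indexes
    mask[i & 3] without checking the mask length reads beyond a short mask;
    this version validates the length first so a short mask is an error,
    not an out-of-bounds read. Masking is its own inverse, so calling this
    twice with the same mask returns the original data.
    """
    if not isinstance(mask, (bytes, bytearray)):
        raise TypeError("mask must be bytes-like")
    if len(mask) != 4:
        raise ValueError(f"mask must be exactly 4 bytes, got {len(mask)}")
    return bytes(b ^ mask[i % 4] for i, b in enumerate(data))


def native_extension_status() -> str:
    """Report whether tornado.speedups would be used in this process.

    Mirrors the switch the advisory describes: TORNADO_EXTENSION=0 disables
    the native code; otherwise it is used whenever it can be imported.
    Returns one of "disabled-by-env", "not-available", "native-active".
    """
    if os.environ.get("TORNADO_EXTENSION") == "0":
        return "disabled-by-env"
    try:
        import tornado.speedups  # noqa: F401  (absent if Tornado is not installed)
    except ImportError:
        return "not-available"
    return "native-active"


if __name__ == "__main__":
    # Constructed sample: the mask/payload pair from RFC 6455's worked example.
    mask = b"\x37\xfa\x21\x3d"
    payload = b"Hello"
    masked = websocket_mask_safe(mask, payload)
    print("masked:", masked.hex())                     # 7f9f4d5158
    print("round trip:", websocket_mask_safe(mask, masked))
    try:
        websocket_mask_safe(b"\x37\xfa", payload)     # too short: rejected
    except ValueError as exc:
        print("rejected short mask:", exc)
    print("native extension:", native_extension_status())
```

The useful check for an operator is `native_extension_status()`: run it inside the same environment (and with the same environment variables) as the application to confirm that the mitigation actually took effect, since a `TORNADO_EXTENSION=0` set in a shell but not in the service unit leaves the native code in use.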