CVE-2014-4616: Out-of-bounds Read
First published: Mon Jun 23 2014(Updated: )
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/python2.7 | <=2.7.3-6<=2.7.3-6+deb7u2 | |
| redhat/python | <2.7.7 | 2.7.7 |
| redhat/python | <3.3.6 | 3.3.6 |
| redhat/python | <3.4.1 | 3.4.1 |
| Python Python | >=2.7.0<2.7.7 | |
| Python Python | >=3.0.0<3.2.6 | |
| Python Python | >=3.3.0<3.3.6 | |
| Python Python | >=3.4.0<3.4.1 | |
| Simplejson Project Simplejson Python | <2.6.1 | |
| openSUSE openSUSE | =13.1 | |
| Opensuse Project Opensuse | =12.3 | |
| debian/python2.7 | 2.7.18-8+deb11u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.python.org/issue21529
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752395
- https://bugzilla.redhat.com/show_bug.cgi?id=1112285
- https://hackerone.com/reports/12297
- https://security-tracker.debian.org/tracker/CVE-2014-4616
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752395#5
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752395#19
- http://cve.mitre.org/cve/request_id.html
- http://lists.opensuse.org/opensuse-updates/2014-07/msg00015.html
- http://openwall.com/lists/oss-security/2014/06/24/7
- http://rhn.redhat.com/errata/RHSA-2015-1064.html
- http://www.securityfocus.com/bid/68119
- https://security.gentoo.org/glsa/201503-10
- http://hg.python.org/cpython/rev/50c07ed1743d
- http://hg.python.org/cpython/rev/a8facac493ef
- http://hg.python.org/cpython/rev/8130b8c06606
- http://hg.python.org/cpython/rev/4f15bd1ab28f
- http://hg.python.org/cpython/rev/7b95540ced5c
- http://hg.python.org/cpython/rev/3a414c709f1f
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1112293
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1112294
- https://docs.python.org/2/library/json.html#json.JSONDecoder.raw_decode
- https://docs.python.org/3/library/json.html#json.JSONDecoder.raw_decode
- http://hg.python.org/cpython/rev/52199
- http://bugs.python.org/issue4136
- https://github.com/simplejson/simplejson/commit/0fb0aea
- https://github.com/simplejson/simplejson/issues/98
- http://simplejson.readthedocs.org/en/latest/#simplejson.JSONDecoder.raw_decode
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1112285#c5
- https://github.com/simplejson/simplejson/commit/b7486b8
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1112285#c7
- https://admin.fedoraproject.org/updates/python-simplejson-3.5.3-1.fc20
- https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134761.html
- https://access.redhat.com/security/updates/classification/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1115518
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1115517
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1115519
- https://rhn.redhat.com/errata/RHSA-2015-1064.html
- https://rhn.redhat.com/errata/RHSA-2015-2101.html
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/references
- agent/remedy
- agent/author
- collector/debian-bugs
- source/Debian
- alias/CVE-2014-4616
- agent/software-canonical-lookup
- collector/redhat-bugzilla
- source/Red Hat
- collector/security-tracker-debian
- agent/event
- agent/description
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- package-manager/debian
- package-manager/redhat
- vendor/python
- canonical/python python
- version/python python/2.7.0
- version/python python/3.0.0
- version/python python/3.3.0
- version/python python/3.4.0
- vendor/simplejson project
- canonical/simplejson project simplejson python
- vendor/opensuse
- canonical/opensuse opensuse
- version/opensuse opensuse/13.1
- vendor/opensuse project
- canonical/opensuse project opensuse
- version/opensuse project opensuse/12.3