What is the severity of CVE-2014-4616?

CVE-2014-4616 has a medium severity due to the potential for context-dependent memory exposure.

How do I fix CVE-2014-4616?

To fix CVE-2014-4616, update Python to version 2.7.7 or later, or to 3.3.6 or later.

What versions of Python are affected by CVE-2014-4616?

CVE-2014-4616 affects Python versions from 2.7.0 to 2.7.3, and 3.0.0 to 3.4.0.

Is Simplejson affected by CVE-2014-4616?

Yes, Simplejson versions before 2.6.1 are affected by CVE-2014-4616.

What impact does CVE-2014-4616 have on system security?

CVE-2014-4616 may allow attackers to read arbitrary process memory, potentially exposing sensitive data.

Vulnerability/
CVE-2014-4616

medium

5.9

CWE

129

23/6/2014

24/8/2017

6/8/2024

CVE-2014-4616: Out-of-bounds Read

First published: Mon Jun 23 2014(Updated: )

Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
debian/python2.7	<=2.7.3-6<=2.7.3-6+deb7u2
redhat/python	<2.7.7	2.7.7
redhat/python	<3.3.6	3.3.6
redhat/python	<3.4.1	3.4.1
debian/python2.7		2.7.18-8+deb11u1
Python Programming Language	>=2.7.0<2.7.7
Python Programming Language	>=3.0.0<3.2.6
Python Programming Language	>=3.3.0<3.3.6
Python Programming Language	>=3.4.0<3.4.1
simplejson	<2.6.1
openSUSE	=13.1
openSUSE	=12.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-4616?
CVE-2014-4616 has a medium severity due to the potential for context-dependent memory exposure.
How do I fix CVE-2014-4616?
To fix CVE-2014-4616, update Python to version 2.7.7 or later, or to 3.3.6 or later.
What versions of Python are affected by CVE-2014-4616?
CVE-2014-4616 affects Python versions from 2.7.0 to 2.7.3, and 3.0.0 to 3.4.0.
Is Simplejson affected by CVE-2014-4616?
Yes, Simplejson versions before 2.6.1 are affected by CVE-2014-4616.
What impact does CVE-2014-4616 have on system security?
CVE-2014-4616 may allow attackers to read arbitrary process memory, potentially exposing sensitive data.

agent/type
agent/first-publish-date
agent/weakness
agent/severity
agent/references
agent/remedy
agent/author
collector/debian-bugs
source/Debian
alias/CVE-2014-4616
agent/software-canonical-lookup
collector/redhat-bugzilla
source/Red Hat
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
collector/security-tracker-debian
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
package-manager/debian
package-manager/redhat
vendor/python
canonical/python programming language
version/python programming language/2.7.0
version/python programming language/3.0.0
version/python programming language/3.3.0
version/python programming language/3.4.0
vendor/simplejson project
canonical/simplejson
vendor/opensuse
canonical/opensuse
version/opensuse/13.1
vendor/opensuse project
version/opensuse/12.3

CVE-2014-4616: Out-of-bounds Read

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-4616?

How do I fix CVE-2014-4616?

What versions of Python are affected by CVE-2014-4616?

Is Simplejson affected by CVE-2014-4616?

What impact does CVE-2014-4616 have on system security?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2014-4616?

How do I fix CVE-2014-4616?

What versions of Python are affected by CVE-2014-4616?

Is Simplejson affected by CVE-2014-4616?

What impact does CVE-2014-4616 have on system security?