CVE-2014-4616
python: missing boundary check in JSON module
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.
Un error de índice de matriz en la función scanstring en el módulo the _json en Python 2.7 en su versión 3.5 y simplejson en su versión 2.6.1 permite que atacantes dependientes del contexto lean archivos arbitrarios de la memoria de proceso mediante un valor de índice negativo en el argumento idx en la función raw_decode function.
A flaw was found in the way the json module handled negative index argument passed to certain functions (such as raw_decode()). An attacker able to control index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-06-24 CVE Reserved
- 2014-07-11 CVE Published
- 2023-11-28 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-129: Improper Validation of Array Index
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://openwall.com/lists/oss-security/2014/06/24/7 | Mailing List | |
| http://www.securityfocus.com/bid/68119 | Third Party Advisory | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752395 | Issue Tracking |
| URL | Date | SRC |
|---|---|---|
| https://hackerone.com/reports/12297 | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1112285 | 2015-11-19 | |
| https://security.gentoo.org/glsa/201503-10 | 2022-07-13 |
| URL | Date | SRC |
|---|---|---|
| http://bugs.python.org/issue21529 | 2022-07-13 | |
| http://lists.opensuse.org/opensuse-updates/2014-07/msg00015.html | 2022-07-13 | |
| http://rhn.redhat.com/errata/RHSA-2015-1064.html | 2022-07-13 | |
| https://access.redhat.com/security/cve/CVE-2014-4616 | 2015-11-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | >= 2.7.0 < 2.7.7 Search vendor "Python" for product "Python" and version " >= 2.7.0 < 2.7.7" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | >= 3.0.0 < 3.2.6 Search vendor "Python" for product "Python" and version " >= 3.0.0 < 3.2.6" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | >= 3.3.0 < 3.3.6 Search vendor "Python" for product "Python" and version " >= 3.3.0 < 3.3.6" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | >= 3.4.0 < 3.4.1 Search vendor "Python" for product "Python" and version " >= 3.4.0 < 3.4.1" | - |
Affected
| ||||||
| Simplejson Project Search vendor "Simplejson Project" | Simplejson Search vendor "Simplejson Project" for product "Simplejson" | < 2.6.1 Search vendor "Simplejson Project" for product "Simplejson" and version " < 2.6.1" | python |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.1 Search vendor "Opensuse" for product "Opensuse" and version "13.1" | - |
Affected
| ||||||
| Opensuse Project Search vendor "Opensuse Project" | Opensuse Search vendor "Opensuse Project" for product "Opensuse" | 12.3 Search vendor "Opensuse Project" for product "Opensuse" and version "12.3" | - |
Affected
| ||||||