CVE-2014-7185
python: buffer() integer overflow leading to out of bounds read
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
Desbordamiento de enteros en bufferobject.c en Python anterior a 2.7.8 permite a atacantes dependientes de contexto obtener información sensible de la memoria de procesos a través de un tamaño y desplazamiento grande en una función 'buffer'.
An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash.
A vulnerability was reported in Python's socket module, due to a boundary error within the sock_recvfrom_into() function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the socket.recvfrom_info() function or, possibly, execute arbitrary code with the permissions of the user running vulnerable Python code. This updates the python package to version 2.7.6, which fixes several other bugs, including denial of service flaws due to unbound readline() calls in the ftplib and nntplib modules. Denial of service flaws due to unbound readline() calls in the imaplib, poplib, and smtplib modules. A gzip bomb and unbound read denial of service flaw in python XMLRPC library. Python are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used an an array index, causing the scanstring function to access process memory outside of the string it is intended to access. The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary scripts in the server's document root. Python before 2.7.8 is vulnerable to an integer overflow in the buffer type. When Python's standard library HTTP clients (httplib, urllib, urllib2, xmlrpclib) are used to access resources with HTTPS, by default the certificate is not checked against any trust store, nor is the hostname in the certificate checked against the requested host. It was possible to configure a trust root to be checked against, however there were no faculties for hostname checking. The python-pip and tix packages was added due to missing build dependencies.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-09-25 CVE Reserved
- 2014-10-08 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-189: Numeric Errors
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (16)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2014/09/25/47 | Mailing List |
|
| http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html | X_refsource_confirm |
|
| http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | X_refsource_confirm |
|
| http://www.securityfocus.com/bid/70089 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/96193 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://bugs.python.org/issue21831 | 2024-08-06 | |
| http://www.openwall.com/lists/oss-security/2014/09/23/5 | 2024-08-06 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1146026 | 2024-08-06 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | <= 2.7.7 Search vendor "Python" for product "Python" and version " <= 2.7.7" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 2.7.1 Search vendor "Python" for product "Python" and version "2.7.1" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 2.7.1 Search vendor "Python" for product "Python" and version "2.7.1" | rc1 |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 2.7.2 Search vendor "Python" for product "Python" and version "2.7.2" | rc1 |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 2.7.3 Search vendor "Python" for product "Python" and version "2.7.3" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 2.7.4 Search vendor "Python" for product "Python" and version "2.7.4" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 2.7.5 Search vendor "Python" for product "Python" and version "2.7.5" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 2.7.6 Search vendor "Python" for product "Python" and version "2.7.6" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 2.7.1150 Search vendor "Python" for product "Python" and version "2.7.1150" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 2.7.1150 Search vendor "Python" for product "Python" and version "2.7.1150" | x64 |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 2.7.2150 Search vendor "Python" for product "Python" and version "2.7.2150" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | <= 10.10.4 Search vendor "Apple" for product "Mac Os X" and version " <= 10.10.4" | - |
Affected
| ||||||