CVE-2014-4616

Published: 24/08/2017 Updated: 13/07/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Array index error in the scanstring function in the _json module in Python 2.7 up to and including 3.5 and simplejson prior to 2.6.1 allows context-dependent malicious users to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.
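A caller-side guard for the condition described in the summary, as an added example that is not taken from the Python or simplejson fix: any offset from untrusted input is range-checked before it reaches raw_decode. The names check_idx, checked_raw_decode, decode_all_from and SAMPLE are hypothetical, and the sample buffer is constructed.

```python
import json

_DECODER = json.JSONDecoder()

# Constructed sample: two bytes of framing, then three JSON values.
SAMPLE = 'xx{"a": 1} [2, 3]\n"s"'


def check_idx(text, idx):
    """Return idx if it is a valid offset into text, else raise."""
    # bool is a subclass of int; reject it so True/False are not offsets.
    if isinstance(idx, bool) or not isinstance(idx, int):
        raise TypeError("idx must be an int")
    if idx < 0 or idx > len(text):
        raise ValueError("idx %d is outside 0..%d" % (idx, len(text)))
    return idx


def checked_raw_decode(text, idx=0):
    """raw_decode() that never hands an out-of-range idx to the scanner."""
    return _DECODER.raw_decode(text, check_idx(text, idx))


def decode_all_from(text, start=0):
    """Decode every whitespace-separated JSON value from offset start."""
    idx = check_idx(text, start)
    values = []
    while True:
        # raw_decode() does not skip leading whitespace, so do it here.
        while idx < len(text) and text[idx].isspace():
            idx += 1
        if idx == len(text):
            return values
        value, idx = checked_raw_decode(text, idx)
        values.append(value)


if __name__ == "__main__":
    print(decode_all_from(SAMPLE, 2))
    for bad in (-1, len(SAMPLE) + 1):
        try:
            checked_raw_decode(SAMPLE, bad)
        except ValueError as exc:
            print("rejected:", exc)
```

The guard is defence in depth for code that must run on interpreters or simplejson releases in the affected range; upgrading past them remains the fix.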

Vulnerable Product

python python

simplejson project simplejson

opensuse project opensuse 12.3

opensuse opensuse 13.1

Vendor Advisories

Debian Bug report logs - #752395 python27: CVE-2014-4616: JSON module: reading arbitrary process memory. Package: python27; Maintainer for python27 is Matthias Klose <doko@debian.org>; Source for python27 is src:python27. Reported by: Gert van Dijk <gertvdijk@gmail.com>. Date: Mon, 23 Jun 2014 ...
Several security issues were fixed in Python ...
It was reported (bugs.python.org/issue21529) that Python's built-in _json module has a flaw (insufficient bounds checking), which allows a local user to read arbitrary memory of the current process. Quoting the upstream bug report: The sole prerequisites of this attack are that the attacker is able to control or inf ...
A flaw was found in the way the json module handled a negative index argument passed to certain functions (such as raw_decode()). An attacker able to control the index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory ...