CVE-2014-7185

Published: 08/10/2014 Updated: 25/10/2019
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Summary

Integer overflow in bufferobject.c in Python prior to 2.7.8 allows context-dependent malicious users to obtain sensitive information from process memory via a large size and offset in a "buffer" function.

Vulnerable Product

python python 2.7.1150

python python 2.7.2

python python 2.7.4

python python 2.7.5

python python 2.7.1

python python 2.7.6

python python

python python 2.7.2150

python python 2.7.3

apple mac os x

Vendor Advisories

Debian Bug report logs - #763848: CVE-2014-7185: python2.7: integer overflow in 'buffer' type allows reading memory. Package: python2.7; Maintainer for python2.7 is Matthias Klose <doko@debian.org>; Source for python2.7 is src:python2.7. Reported by: Henri Salo <henri@nerv.fi> Date: Fri, 3 Oct 201 ...
Several security issues were fixed in Python ...
An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash. It was discovered that multiple Python standard library modules implementing network protocols (such as httpli ...
It was discovered (bugs.python.org/issue21766) that Python built-in module CGIHTTPServer does not properly handle URL-encoded path separators in URLs, which may enable attackers to disclose a CGI script's source code or execute arbitrary scripts in the server's document root (CVE-2014-4650). Integer overflow in buffer ...
An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash. ...