CVE-2014-4616

Name
CVE-2014-4616
Description
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.
NVD Severity
medium

References

Type URI
Exploit https://hackerone.com/reports/12297
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1112285
Issue Tracking https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752395
Mailing List http://openwall.com/lists/oss-security/2014/06/24/7
Third Party Advisory http://lists.opensuse.org/opensuse-updates/2014-07/msg00015.html
Issue Tracking http://bugs.python.org/issue21529
Patch https://security.gentoo.org/glsa/201503-10
Third Party Advisory http://www.securityfocus.com/bid/68119
REDHAT http://rhn.redhat.com/errata/RHSA-2015-1064.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:python:python:3.1.0:*:*:*:*:*:*:* python == None == 3.1.0
cpe:2.3:a:python:python:3.1.1:*:*:*:*:*:*:* python == None == 3.1.1
cpe:2.3:a:python:python:2.7.2:*:*:*:*:*:*:* python == None == 2.7.2
cpe:2.3:a:python:python:3.2.1:*:*:*:*:*:*:* python == None == 3.2.1
cpe:2.3:a:python:python:2.7.4:*:*:*:*:*:*:* python == None == 2.7.4
cpe:2.3:a:python:python:3.2.4:*:*:*:*:*:*:* python == None == 3.2.4
cpe:2.3:a:python:python:3.3.5:*:*:*:*:*:*:* python == None == 3.3.5
cpe:2.3:a:python:python:3.4.0:*:*:*:*:*:*:* python == None == 3.4.0
cpe:2.3:a:python:python:3.4.3:*:*:*:*:*:*:* python == None == 3.4.3
cpe:2.3:a:python:python:2.7.10:*:*:*:*:*:*:* python == None == 2.7.10
cpe:2.3:a:python:python:3.4.6:*:*:*:*:*:*:* python == None == 3.4.6
cpe:2.3:a:python:python:3.4.7:*:*:*:*:*:*:* python == None == 3.4.7
cpe:2.3:a:python:python:3.0.0:*:*:*:*:*:*:* python == None == 3.0.0
cpe:2.3:a:python:python:3.1.2:*:*:*:*:*:*:* python == None == 3.1.2
cpe:2.3:a:python:python:3.2.2:*:*:*:*:*:*:* python == None == 3.2.2
cpe:2.3:a:python:python:3.1.5:*:*:*:*:*:*:* python == None == 3.1.5
cpe:2.3:a:python:python:2.7.5:*:*:*:*:*:*:* python == None == 2.7.5
cpe:2.3:a:python:python:3.3.2:*:*:*:*:*:*:* python == None == 3.3.2
cpe:2.3:a:python:python:3.4.1:*:*:*:*:*:*:* python == None == 3.4.1
cpe:2.3:a:python:python:2.7.7:*:*:*:*:*:*:* python == None == 2.7.7
cpe:2.3:a:python:python:3.5.0:*:*:*:*:*:*:* python == None == 3.5.0
cpe:2.3:a:python:python:2.7.11:*:*:*:*:*:*:* python == None == 2.7.11
cpe:2.3:a:python:python:3.0.1:*:*:*:*:*:*:* python == None == 3.0.1
cpe:2.3:a:python:python:2.7.1:*:*:*:*:*:*:* python == None == 2.7.1
cpe:2.3:a:python:python:3.1.4:*:*:*:*:*:*:* python == None == 3.1.4
cpe:2.3:a:python:python:3.3.0:*:*:*:*:*:*:* python == None == 3.3.0
cpe:2.3:a:python:python:3.3.1:*:*:*:*:*:*:* python == None == 3.3.1
cpe:2.3:a:python:python:3.3.3:*:*:*:*:*:*:* python == None == 3.3.3
cpe:2.3:a:python:python:3.3.4:*:*:*:*:*:*:* python == None == 3.3.4
cpe:2.3:a:python:python:3.3.6:*:*:*:*:*:*:* python == None == 3.3.6
cpe:2.3:a:python:python:2.7.9:*:*:*:*:*:*:* python == None == 2.7.9
cpe:2.3:a:python:python:3.4.5:*:*:*:*:*:*:* python == None == 3.4.5
cpe:2.3:a:python:python:2.7.13:*:*:*:*:*:*:* python == None == 2.7.13
cpe:2.3:a:python:python:2.7.0:*:*:*:*:*:*:* python == None == 2.7.0
cpe:2.3:a:python:python:3.1.3:*:*:*:*:*:*:* python == None == 3.1.3
cpe:2.3:a:python:python:3.2.0:*:*:*:*:*:*:* python == None == 3.2.0
cpe:2.3:a:python:python:2.7.3:*:*:*:*:*:*:* python == None == 2.7.3
cpe:2.3:a:python:python:3.2.3:*:*:*:*:*:*:* python == None == 3.2.3
cpe:2.3:a:python:python:3.2.5:*:*:*:*:*:*:* python == None == 3.2.5
cpe:2.3:a:python:python:2.7.6:*:*:*:*:*:*:* python == None == 2.7.6
cpe:2.3:a:python:python:2.7.8:*:*:*:*:*:*:* python == None == 2.7.8
cpe:2.3:a:python:python:3.2.6:*:*:*:*:*:*:* python == None == 3.2.6
cpe:2.3:a:python:python:3.4.2:*:*:*:*:*:*:* python == None == 3.4.2
cpe:2.3:a:python:python:3.4.4:*:*:*:*:*:*:* python == None == 3.4.4
cpe:2.3:a:python:python:2.7.12:*:*:*:*:*:*:* python == None == 2.7.12

Vulnerable and fixed packages

Source package Branch Version Maintainer Status