CVE-2014-4616
Published: Aug 24, 2017
Modified: Aug 6, 2024
PUBLISHED
Description
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://hackerone.com/reports/12297 (x_refsource_MISC)
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752395 (x_refsource_MISC)
RHSA-2015:1064 (vendor-advisory, x_refsource_REDHAT)
68119 (vdb-entry, x_refsource_BID)
openSUSE-SU-2014:0890 (vendor-advisory, x_refsource_SUSE)
GLSA-201503-10 (vendor-advisory, x_refsource_GENTOO)
[oss-security] 20140624 Re: CVE request: python: _json module is vulnerable to arbitrary process memory read (mailing-list, x_refsource_MLIST)
http://bugs.python.org/issue21529 (x_refsource_CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=1112285 (x_refsource_CONFIRM)