CVE-2014-4616

MEDIUM

Description

Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.

References

http://bugs.python.org/issue21529

http://lists.opensuse.org/opensuse-updates/2014-07/msg00015.html

http://openwall.com/lists/oss-security/2014/06/24/7

http://rhn.redhat.com/errata/RHSA-2015-1064.html

http://www.securityfocus.com/bid/68119

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752395

https://bugzilla.redhat.com/show_bug.cgi?id=1112285

https://hackerone.com/reports/12297

https://security.gentoo.org/glsa/201503-10

Details

Source: MITRE

Published: 2017-08-24

Updated: 2018-10-30

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 2.2

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:python:python:2.7.0:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.7.1:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.7.2:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.7.3:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.7.4:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.7.5:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.7.6:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.7.7:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.7.8:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.7.9:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.7.10:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.7.11:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.7.12:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.7.13:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.1.0:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.1.2:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.1.3:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.1.4:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.1.5:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.2.0:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.2.1:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.2.2:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.2.3:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.2.4:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.2.5:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.2.6:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.3.0:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.3.1:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.3.2:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.3.3:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.3.4:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.3.5:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.3.6:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.4.0:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.4.1:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.4.2:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.4.3:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.4.4:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.4.5:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.4.6:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.4.7:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.5.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:simplejson_project:simplejson:*:*:*:*:*:python:*:*

Configuration 3

OR

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse_project:opensuse:12.3:*:*:*:*:*:*:*

Tenable Plugins

View all (19 total)

ID	Name	Product	Family	Severity
124937	EulerOS Virtualization 3.0.1.0 : python (EulerOS-SA-2019-1434)	Nessus	Huawei Local Security Checks	critical
87570	Scientific Linux Security Update : python on SL7.x x86_64 (20151119)	Nessus	Scientific Linux Local Security Checks	high
87129	CentOS 7 : python (CESA-2015:2101)	Nessus	CentOS Local Security Checks	high
87020	Oracle Linux 7 : python (ELSA-2015-2101)	Nessus	Oracle Linux Local Security Checks	high
86968	RHEL 7 : python (RHSA-2015:2101)	Nessus	Red Hat Local Security Checks	high
84428	Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : python2.7, python3.2, python3.4 vulnerabilities (USN-2653-1)	Nessus	Ubuntu Local Security Checks	high
82329	Mandriva Linux Security Advisory : python3 (MDVSA-2015:076)	Nessus	Mandriva Local Security Checks	high
82328	Mandriva Linux Security Advisory : python (MDVSA-2015:075)	Nessus	Mandriva Local Security Checks	high
82009	GLSA-201503-10 : Python: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
79238	Fedora 19 : python3-3.3.2-10.fc19 (2014-14257)	Nessus	Fedora Local Security Checks	medium
79095	Fedora 21 : python3-3.4.1-16.fc21 (2014-14208)	Nessus	Fedora Local Security Checks	medium
79076	Fedora 20 : python3-3.3.2-18.fc20 (2014-14245)	Nessus	Fedora Local Security Checks	medium
78323	Amazon Linux AMI : python27 (ALAS-2014-380)	Nessus	Amazon Linux Local Security Checks	medium
78317	Amazon Linux AMI : python-simplejson (ALAS-2014-374)	Nessus	Amazon Linux Local Security Checks	medium
76540	Fedora 19 : python3-3.3.2-9.fc19 (2014-8035)	Nessus	Fedora Local Security Checks	medium
76539	Fedora 19 : python-2.7.5-13.fc19 (2014-7772)	Nessus	Fedora Local Security Checks	medium
76488	openSUSE Security Update : python / python3 (openSUSE-SU-2014:0890-1)	Nessus	SuSE Local Security Checks	medium
76471	Mandriva Linux Security Advisory : python (MDVSA-2014:135)	Nessus	Mandriva Local Security Checks	low
76328	Fedora 20 : python-2.7.5-13.fc20 (2014-7800)	Nessus	Fedora Local Security Checks	medium