CVE-2014-4616

Source

https://nvd.nist.gov/vuln/detail/CVE-2014-4616

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2014-4616.json

Aliases

Related

USN-2653-1

Published

2017-08-24T20:29:00Z

Modified

2024-05-14T04:53:33.618046Z

Summary

[none]

Details

Array index error in the scanstring function in the json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the rawdecode function.

References

Affected packages

Alpine:v3.4 / python

Package

Name: python

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.7.7-r0

Affected versions

2.*

2.6.1-r0

2.6.1-r1

2.6.1-r2

2.6.2-r0

2.6.2-r1

2.6.3-r0

2.6.4-r0

2.6.5-r0

2.6.5-r1

2.6.5-r2

2.6.5-r3

2.6.5-r4

2.6.5-r5

2.6.5-r6

2.6.5-r7

2.6.5-r8

2.7.2-r8

2.7.3-r8

2.7.5-r8

2.7.6-r8

Alpine:v3.5 / python2

Package

Name: python2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.7.7-r0

Affected versions

2.*

2.6.1-r0

2.6.1-r1

2.6.1-r2

2.6.2-r0

2.6.2-r1

2.6.3-r0

2.6.4-r0

2.6.5-r0

2.6.5-r1

2.6.5-r2

2.6.5-r3

2.6.5-r4

2.6.5-r5

2.6.5-r6

2.6.5-r7

2.6.5-r8

2.7.2-r8

2.7.3-r8

2.7.5-r8

2.7.6-r8

Alpine:v3.6 / python2

Package

Name: python2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.7.7-r0

Affected versions

2.*

2.6.1-r0

2.6.1-r1

2.6.1-r2

2.6.2-r0

2.6.2-r1

2.6.3-r0

2.6.4-r0

2.6.5-r0

2.6.5-r1

2.6.5-r2

2.6.5-r3

2.6.5-r4

2.6.5-r5

2.6.5-r6

2.6.5-r7

2.6.5-r8

2.7.2-r8

2.7.3-r8

2.7.5-r8

2.7.6-r8