CVE 2014-4616
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.
Related bugs and status
CVE-2014-4616 (Candidate) is related to these bugs:
Bug #1333396: JSON module: reading arbitrary process memory
Bug | Summary | In | Importance | Status
---|---|---|---|---
1333396 | JSON module: reading arbitrary process memory | python2.7 (Ubuntu) | Undecided | Fix Released
1333396 | JSON module: reading arbitrary process memory | python2.7 (Debian) | Unknown | Fix Released
1333396 | JSON module: reading arbitrary process memory | Python | Unknown | Fix Released
1333396 | JSON module: reading arbitrary process memory | python3.2 (Ubuntu) | Undecided | Invalid
1333396 | JSON module: reading arbitrary process memory | python3.3 (Ubuntu) | Undecided | Triaged
1333396 | JSON module: reading arbitrary process memory | python3.4 (Ubuntu) | Undecided | Fix Released
1333396 | JSON module: reading arbitrary process memory | python2.6 (Ubuntu) | Undecided | Invalid
1333396 | JSON module: reading arbitrary process memory | python2.6 (Ubuntu Lucid) | Undecided | Won't Fix
1333396 | JSON module: reading arbitrary process memory | python2.7 (Ubuntu Saucy) | Undecided | Won't Fix
1333396 | JSON module: reading arbitrary process memory | python3.3 (Ubuntu Saucy) | Undecided | Won't Fix
1333396 | JSON module: reading arbitrary process memory | python2.7 (Ubuntu Precise) | Undecided | Won't Fix
1333396 | JSON module: reading arbitrary process memory | python3.2 (Ubuntu Precise) | Undecided | Won't Fix
1333396 | JSON module: reading arbitrary process memory | python2.7 (Ubuntu Utopic) | Undecided | Fix Released
1333396 | JSON module: reading arbitrary process memory | python3.4 (Ubuntu Utopic) | Undecided | Fix Released
1333396 | JSON module: reading arbitrary process memory | python2.7 (Ubuntu Trusty) | Undecided | Triaged
1333396 | JSON module: reading arbitrary process memory | python3.4 (Ubuntu Trusty) | Undecided | Triaged
See the CVE page on Mitre.org for more details.