Fix arbitrary memory access in JSONDecoder.raw_decode() with a negative second parameter.
Note: Issue #21529 was created on 2014-05-19, after the commit.
Dates:
Disclosure date: 2014-04-13 (commit)
Reported by: Guido Vranken
Red Hat impact: Moderate
Python 2.7.7 (2014-05-31) fixed by commit 6c939cb (branch 2.7) (2014-04-14)
Python 3.2.6 (2014-10-12) fixed by commit 99b5afa (branch 3.2) (2014-04-14)
Python 3.3.6 (2014-10-12) fixed by commit 99b5afa (branch 3.2) (2014-04-14)
Python 3.4.1 (2014-05-18) fixed by commit 99b5afa (branch 3.2) (2014-04-14)
Python 3.5.0 (2015-09-12) fixed by commit 99b5afa (branch 3.2) (2014-04-14)
JSON module: reading arbitrary process memory.
Python issue: bpo-21529
Creation date: 2014-05-19
Reporter: Benjamin Peterson
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.
CVE ID: CVE-2014-4616
Published: 2017-08-24
CVSS Score: 4.3
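A caller-side guard for the condition described above, as an added example that is not part of the original advisory or of CPython. It validates the offset before it reaches raw_decode(), which matters when idx is derived from untrusted input. The names checked_raw_decode, iter_json_values and SAMPLE are hypothetical, and the sample input is constructed.

```python
import json

_DECODER = json.JSONDecoder()

# Constructed sample: three JSON documents concatenated in one buffer.
SAMPLE = '{"user": "alice"} [1, 2, 3]\n"tail"'


def _check_offset(s, idx):
    """Return idx only if it is a valid, non-negative offset into s."""
    # bool is a subclass of int; refuse it so True/False never act as offsets.
    if isinstance(idx, bool) or not isinstance(idx, int):
        raise TypeError("idx must be an int, got %s" % type(idx).__name__)
    if idx < 0:
        # The case CVE-2014-4616 is about: a negative offset must never
        # reach the scanner, whatever interpreter or simplejson is in use.
        raise ValueError("idx cannot be negative: %d" % idx)
    if idx > len(s):
        raise ValueError("idx %d is past end of input (%d)" % (idx, len(s)))
    return idx


def checked_raw_decode(s, idx=0):
    """raw_decode() with the offset validated first; returns (value, end)."""
    return _DECODER.raw_decode(s, _check_offset(s, idx))


def iter_json_values(buf, start=0):
    """Yield (value, start, end) for each document concatenated in buf."""
    idx = _check_offset(buf, start)
    while True:
        # raw_decode() does not skip leading whitespace, so do it here.
        while idx < len(buf) and buf[idx] in " \t\r\n":
            idx += 1
        if idx == len(buf):
            return
        value, end = checked_raw_decode(buf, idx)
        yield value, idx, end
        idx = end


if __name__ == "__main__":
    for value, begin, end in iter_json_values(SAMPLE):
        print(begin, end, value)
```

The guard is defence in depth on fixed releases and the only bounds check on an unpatched _json or simplejson before 2.6.1.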
Timeline using the disclosure date 2014-04-13 as reference:
2014-04-13: Disclosure date (commit)
2014-04-14 (+1 days): commit 6c939cb (branch 2.7)
2014-04-14 (+1 days): commit 99b5afa (branch 3.2)
2014-05-18 (+35 days): Python 3.4.1 released
2014-05-19 (+36 days): Python issue bpo-21529 reported by Benjamin Peterson
2014-05-31 (+48 days): Python 2.7.7 released
2014-10-12 (+182 days): Python 3.2.6 released
2014-10-12 (+182 days): Python 3.3.6 released
2015-09-12: Python 3.5.0 released
2017-08-24 (+1229 days): CVE-2014-4616 published