Описание
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| python2.5 | removed | package | ||
| python2.5 | no-dsa | squeeze | package | |
| python2.6 | removed | package | ||
| python2.6 | no-dsa | squeeze | package | |
| python2.6 | no-dsa | wheezy | package | |
| python2.7 | fixed | 2.7.7-1 | package | |
| python2.7 | no-dsa | wheezy | package | |
| python3.2 | removed | package | ||
| python3.2 | no-dsa | wheezy | package | |
| python3.3 | removed | package | ||
| python3.4 | fixed | 3.4.0+20140417-1 | package |
Примечания
http://bugs.python.org/issue21529
EPSS
Связанные уязвимости
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.
simplejson before 2.6.1 vulnerable to array index error
ELSA-2015-2101: python security, bug fix, and enhancement update (MODERATE)
EPSS