CVE-2014-7185

Published: 23 Jun 2014
Source: redhat
CVSS2: 4
EPSS: Low

Description

Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.

An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash.

Report

This issue affects the versions of python as shipped with Red Hat Enterprise Linux 7. A future update may address this issue. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | python | Will not fix | | |
| Red Hat Enterprise Linux 5 | python | Will not fix | | |
| Red Hat Software Collections | python27-python | Affected | | |
| Red Hat Software Collections | python33-python | Not affected | | |
| Red Hat Software Collections | rh-python34-python | Not affected | | |
| Red Hat Enterprise Linux 6 | python | Fixed | RHSA-2015:1330 | 20.07.2015 |
| Red Hat Enterprise Linux 7 | python | Fixed | RHSA-2015:2101 | 19.11.2015 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | python27 | Fixed | RHSA-2015:1064 | 04.06.2015 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | python27-python | Fixed | RHSA-2015:1064 | 04.06.2015 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | python27-python-pip | Fixed | RHSA-2015:1064 | 04.06.2015 |

Additional information

Status: Low
Defect: CWE-190->CWE-125->CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1146026 python: buffer() integer overflow leading to out of bounds read

EPSS

Percentile: 78%
0.01208
Low

CVSS2

4 Medium

Related vulnerabilities

ubuntu
more than 10 years ago

Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.

nvd
more than 10 years ago

Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.

debian
more than 10 years ago

Integer overflow in bufferobject.c in Python before 2.7.8 allows conte ...

github
about 3 years ago

Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.

suse-cvrf
almost 10 years ago

Security update for python
