[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-7185Date: (C)2014-10-09   (M)2024-03-26


Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.4
Exploit Score: 10.0
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: PARTIAL
  
Reference:
BID-70089
APPLE-SA-2015-08-13-2
FEDORA-2014-11559
GLSA-201503-10
RHSA-2015:1064
RHSA-2015:1330
http://www.openwall.com/lists/oss-security/2014/09/23/5
http://www.openwall.com/lists/oss-security/2014/09/25/47
http://bugs.python.org/issue21831
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://bugzilla.redhat.com/show_bug.cgi?id=1146026
https://support.apple.com/kb/HT205031
openSUSE-SU-2014:1292
python-bufferobject-overflow(96193)

CPE    13
cpe:/a:python:python:2.7.1150
cpe:/a:python:python:2.7.1150::~~~~x64~
cpe:/a:python:python:2.7
cpe:/a:python:python:2.7.2150
...
CWE    1
CWE-189
OVAL    20
oval:org.secpod.oval:def:505086
oval:org.secpod.oval:def:204253
oval:org.secpod.oval:def:1600002
oval:org.secpod.oval:def:26688
...

© SecPod Technologies