CVE-2014-1912

Published: 21 February 2014

Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.

Priority

Medium

Status

| Package | Release | Status | Upstream patch |
|---|---|---|---|
| python2.6 | Upstream | Ignored (reached end-of-life) | |
| python2.7 | Upstream | Ignored (reached end-of-life) | http://hg.python.org/cpython/rev/87673659d8f7 |
| python3.1 | Upstream | Needed | http://hg.python.org/cpython/rev/715fd3d8ac93 |
| python3.2 | Upstream | Needed | http://hg.python.org/cpython/rev/9c56217e5c79 |
| python3.3 | Upstream | Needed | http://hg.python.org/cpython/rev/7f176a45211f |
| python3.4 | Upstream | Needed | |