Your submission was sent successfully! Close

CVE-2014-4616

Published: 26 June 2014

Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.

Priority

Low

CVSS 3 base score: 5.9

Status

Package Release Status
python2.7
Launchpad, Ubuntu, Debian
lucid Does not exist

precise
Released (2.7.3-0ubuntu3.8)
saucy Ignored
(reached end-of-life)
trusty
Released (2.7.6-8ubuntu0.2)
upstream Not vulnerable
(2.7.7~rc1)
utopic Not vulnerable
(2.7.7-2)
vivid Not vulnerable
(2.7.7-2)
Patches:
upstream: http://hg.python.org/cpython/rev/50c07ed1743d
upstream: https://hg.python.org/cpython/rev/4bd1fb0f4f44
upstream: https://hg.python.org/cpython/rev/c7b93519807a


python3.2
Launchpad, Ubuntu, Debian
lucid Does not exist

precise
Released (3.2.3-0ubuntu3.7)
saucy Does not exist

trusty Does not exist

upstream Needs triage

utopic Does not exist

vivid Does not exist

python3.4
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

saucy Does not exist

trusty
Released (3.4.0-2ubuntu1.1)
upstream
Released (3.4.1)
utopic Not vulnerable
(3.4.1-6)
vivid Not vulnerable
(3.4.1-6)
Patches:



upstream: http://hg.python.org/cpython/rev/7b95540ced5c/
upstream: https://hg.python.org/cpython/rev/ef52ae167555