Lucene search

PRIOn knowledge basePRION:CVE-2012-2135

HistoryAug 14, 2012 - 10:55 p.m.

Memory corruption

2012-08-1422:55:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.033 Low

EPSS

Percentile

91.0%

JSON

The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors.

CPENameOperatorVersion
ubuntu_linuxeq11.04
ubuntu_linuxeq11.10
ubuntu_linuxeq12.10
ubuntu_linuxeq10.04
ubuntu_linuxeq12.04
debian_linuxeq6.0
pythonge3.3.0
pythonlt3.3.3
pythonge3.2.0
pythonlt3.2.4

Name	Operator	Version
ubuntu_linux	eq	11.04
ubuntu_linux	eq	11.10
ubuntu_linux	eq	12.10
ubuntu_linux	eq	10.04
ubuntu_linux	eq	12.04
debian_linux	eq	6.0
python	ge	3.3.0
python	lt	3.3.3
python	ge	3.2.0
python	lt	3.2.4

Rows per page:

1-10 of 121

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=670389

bugs.python.org/issue14579

secunia.com/advisories/51087

secunia.com/advisories/51089

www.openwall.com/lists/oss-security/2012/04/25/2

www.openwall.com/lists/oss-security/2012/04/25/4

www.ubuntu.com/usn/USN-1615-1

www.ubuntu.com/usn/USN-1616-1

7.4 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.033 Low

EPSS

Percentile

91.0%

JSON

Related for PRION:CVE-2012-2135