45 matches found
python: missing boundary check in JSON module
A flaw was found in the way the json module handled negative index argument passed to certain functions such as rawdecode. An attacker able to control index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory...
Medium: python27
Issue Overview: It was reported http://bugs.python.org/issue21529 that Python built-in json module have a flaw insufficient bounds checking, which allows a local user to read current process' arbitrary memory. Quoting the upstream bug report: The sole prerequisites of this attack are that the...
[oss-security] CVE request: python: _json module is vulnerable to arbitrary process memory read
Hello, It was reported 1 that Python built-in json module have a flaw insufficient bounds checking, which allows a local user to read current process' arbitrary memory. From initial bug report 1: ... The sole prerequisites of this attack are that the attacker is able to control or influence the t...
openSUSE Security Update : python / python3 (openSUSE-SU-2014:0890-1)
python and python3 were updated to fix one security issue. This security issue was fixed : - Missing boundary check in JSON module CVE-2014-4616 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
UBUNTU-CVE-2014-4616
Array index error in the scanstring function in the json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the rawdecode function...