Ubuntu.com, UB:CVE-2012-2135
Aug 14, 2012 - 12:00 a.m.

CVE-2012-2135

CVSS2: 6.4 Medium (AV:N/AC:L/Au:N/C:P/I:N/A:P)

| Metric | Value |
| --- | --- |
| Access Vector | NETWORK |
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | NONE |
| Availability Impact | PARTIAL |

EPSS: 0.033 Low (Percentile: 91.2%)

The utf-16 decoder in Python 3.1 through 3.3 does not update the
aligned_end variable after calling the unicode_decode_call_errorhandler
function, which allows remote attackers to obtain sensitive information
(process memory) or cause a denial of service (memory corruption and crash)
via unspecified vectors.

Notes

| Author | Note |
| --- | --- |
| jdstrand | python3 only patch in upstream bug is in Debian, but not committed upstream |
| mdeslaur | 3.3 wasn’t affected. Only tests were committed. |

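| OS | OS Version | Architecture | Package | Package Version | Filename |
| --- | --- | --- | --- | --- | --- |
| ubuntu | 10.04 | noarch | python3.1 | < 3.1.2-0ubuntu3.2 | UNKNOWN |
| ubuntu | 11.04 | noarch | python3.1 | < 3.1.3-1ubuntu1.2 | UNKNOWN |
| ubuntu | 11.04 | noarch | python3.2 | < 3.2-1ubuntu1.2 | UNKNOWN |
| ubuntu | 11.10 | noarch | python3.2 | < 3.2.2-0ubuntu1.1 | UNKNOWN |
| ubuntu | 12.04 | noarch | python3.2 | < 3.2.3-0ubuntu3.2 | UNKNOWN |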
