Buffer overflow in Python



Published: 2014-03-01 | Updated: 2020-07-28
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2014-1912
CWE-ID CWE-119
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Subscribe 		Python
Universal components / Libraries / Scripting languages

Vendor Python.org

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Buffer overflow

EUVDB-ID: #VU32578

Risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2014-1912

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Python: 2.5 - 2.5_release_candidate_2

External links

http://bugs.python.org/issue20246
http://hg.python.org/cpython/rev/87673659d8f7
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
http://lists.opensuse.org/opensuse-updates/2014-04/msg00035.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html
http://pastebin.com/raw.php?i=GHXSmNEg
http://rhn.redhat.com/errata/RHSA-2015-1064.html
http://rhn.redhat.com/errata/RHSA-2015-1330.html
http://www.debian.org/security/2014/dsa-2880
http://www.exploit-db.com/exploits/31875
http://www.openwall.com/lists/oss-security/2014/02/12/16
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/65379
http://www.securitytracker.com/id/1029831
http://www.ubuntu.com/usn/USN-2125-1
http://security.gentoo.org/glsa/201503-10
http://support.apple.com/kb/HT205031
http://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###