CVE-2014-4616
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.
| Software | From | Fixed in |
|---|---|---|
| python / python | 3.3.0 | 3.3.6 |
| python / python | 2.7.0 | 2.7.7 |
| python / python | 3.0.0 | 3.2.6 |
| python / python | 3.4.0 | 3.4.1 |
| simplejson_project / simplejson | - | 2.6.1 |
| opensuse_project / opensuse | 12.3 | 12.3.x |
| opensuse / opensuse | 13.1 | 13.1.x |
simplejson
|
- | 2.6.1 |
- http://bugs.python.org/issue21529
- http://lists.opensuse.org/opensuse-updates/2014-07/msg00015.html
- http://openwall.com/lists/oss-security/2014/06/24/7
- http://rhn.redhat.com/errata/RHSA-2015-1064.html
- http://www.securityfocus.com/bid/68119
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752395
- https://bugzilla.redhat.com/show_bug.cgi?id=1112285
- https://hackerone.com/reports/12297
- https://security.gentoo.org/glsa/201503-10
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime