CVE-2014-4616

Description

Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.

CVSS Metrics

• v3.1•MEDIUM•Score: 5.9CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
• v3.0•MEDIUM•Score: 5.9CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
• v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.43%• Percentile: 63%

Techniques & Countermeasures

• CWE-129•Improper Validation of Array Index

  The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

Affected Systems

• opensuse_project•opensuse

  12.3

• opensuse•opensuse

  13.1

• PyPI•simplejson

  < 2.6.1

• python•python

  ≥ 2.7.0, < 2.7.7 | ≥ 3.0.0, < 3.2.6 | ≥ 3.3.0, < 3.3.6 | ≥ 3.4.0, < 3.4.1

• simplejson_project•simplejson

  < 2.6.1

References (11)

• https://hackerone.com/reports/12297
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752395
• http://rhn.redhat.com/errata/RHSA-2015-1064.html
• http://www.securityfocus.com/bid/68119
• http://lists.opensuse.org/opensuse-updates/2014-07/msg00015.html
• https://security.gentoo.org/glsa/201503-10
• http://openwall.com/lists/oss-security/2014/06/24/7
• http://bugs.python.org/issue21529
• https://bugzilla.redhat.com/show_bug.cgi?id=1112285
• https://nvd.nist.gov/vuln/detail/CVE-2014-4616
• https://github.com/simplejson/simplejson