ID CVE-2014-7185
Summary Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
References
Vulnerable Configurations
  • Python 2.7
    cpe:2.3:a:python:python:2.7
  • Python 2.7.1
    cpe:2.3:a:python:python:2.7.1
  • Python 2.7.1 Release Candidate 1
    cpe:2.3:a:python:python:2.7.1:rc1
  • Python 2.7.1150
    cpe:2.3:a:python:python:2.7.1150
  • Python 2.7.1150 (x64) 64-bit
    cpe:2.3:a:python:python:2.7.1150:-:-:-:-:-:x64
  • Python 2.7.2 Release Candidate 1
    cpe:2.3:a:python:python:2.7.2:rc1
  • Python 2.7.2150
    cpe:2.3:a:python:python:2.7.2150
  • Python 2.7.3
    cpe:2.3:a:python:python:2.7.3
  • Python 2.7.4
    cpe:2.3:a:python:python:2.7.4
  • Python 2.7.5
    cpe:2.3:a:python:python:2.7.5
  • Python 2.7.6
    cpe:2.3:a:python:python:2.7.6
  • Python 2.7.7
    cpe:2.3:a:python:python:2.7.7
  • Apple Mac OS X 10.10.4
    cpe:2.3:o:apple:mac_os_x:10.10.4
CVSS
Base: 6.4 (as of 30-03-2016 - 14:42)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
    Vector NETWORK
    Complexity LOW
    Authentication NONE
Impact
    Confidentiality PARTIAL
    Integrity NONE
    Availability PARTIAL
redhat via4
advisories
  • bugzilla
    id 1223037
    title Python raises exception on deepcopy of instance methods
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment python is earlier than 0:2.6.6-64.el6
          oval oval:com.redhat.rhsa:tst:20151330011
        • comment python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554008
      • AND
        • comment python-devel is earlier than 0:2.6.6-64.el6
          oval oval:com.redhat.rhsa:tst:20151330013
        • comment python-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554010
      • AND
        • comment python-libs is earlier than 0:2.6.6-64.el6
          oval oval:com.redhat.rhsa:tst:20151330007
        • comment python-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554014
      • AND
        • comment python-test is earlier than 0:2.6.6-64.el6
          oval oval:com.redhat.rhsa:tst:20151330015
        • comment python-test is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554016
      • AND
        • comment python-tools is earlier than 0:2.6.6-64.el6
          oval oval:com.redhat.rhsa:tst:20151330009
        • comment python-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554012
      • AND
        • comment tkinter is earlier than 0:2.6.6-64.el6
          oval oval:com.redhat.rhsa:tst:20151330005
        • comment tkinter is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554018
    rhsa
    id RHSA-2015:1330
    released 2015-07-22
    severity Moderate
    title RHSA-2015:1330: python security, bug fix, and enhancement update (Moderate)
  • bugzilla
    id 1259421
    title Backport SSLSocket.version() to python 2.7.5
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment python is earlier than 0:2.7.5-34.el7
          oval oval:com.redhat.rhsa:tst:20152101005
        • comment python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554008
      • AND
        • comment python-debug is earlier than 0:2.7.5-34.el7
          oval oval:com.redhat.rhsa:tst:20152101015
        • comment python-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152101016
      • AND
        • comment python-devel is earlier than 0:2.7.5-34.el7
          oval oval:com.redhat.rhsa:tst:20152101017
        • comment python-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554010
      • AND
        • comment python-libs is earlier than 0:2.7.5-34.el7
          oval oval:com.redhat.rhsa:tst:20152101013
        • comment python-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554014
      • AND
        • comment python-test is earlier than 0:2.7.5-34.el7
          oval oval:com.redhat.rhsa:tst:20152101009
        • comment python-test is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554016
      • AND
        • comment python-tools is earlier than 0:2.7.5-34.el7
          oval oval:com.redhat.rhsa:tst:20152101007
        • comment python-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554012
      • AND
        • comment tkinter is earlier than 0:2.7.5-34.el7
          oval oval:com.redhat.rhsa:tst:20152101011
        • comment tkinter is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554018
    rhsa
    id RHSA-2015:2101
    released 2015-06-25
    severity Moderate
    title RHSA-2015:2101: python security, bug fix, and enhancement update (Moderate)
rpms
  • python-0:2.6.6-64.el6
  • python-devel-0:2.6.6-64.el6
  • python-libs-0:2.6.6-64.el6
  • python-test-0:2.6.6-64.el6
  • python-tools-0:2.6.6-64.el6
  • tkinter-0:2.6.6-64.el6
  • python-0:2.7.5-34.el7
  • python-debug-0:2.7.5-34.el7
  • python-devel-0:2.7.5-34.el7
  • python-libs-0:2.7.5-34.el7
  • python-test-0:2.7.5-34.el7
  • python-tools-0:2.7.5-34.el7
  • tkinter-0:2.7.5-34.el7
refmap via4
apple APPLE-SA-2015-08-13-2
bid 70089
confirm
fedora FEDORA-2014-11559
gentoo GLSA-201503-10
mlist
  • [oss-security] 20140923 CVE Request: Python 2.7
  • [oss-security] 20140925 Re: CVE Request: Python 2.7
suse openSUSE-SU-2014:1292
xf python-bufferobject-overflow(96193)
Last major update 14-10-2016 - 21:59
Published 08-10-2014 - 13:55
Last modified 07-09-2017 - 21:29