CVE-2014-1912
published 2014-03-01
Priority P263 · high · 7.5 (CVSS 2.0) · AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 28.32% (97.9th percentile)
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
Affected
50 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | <= 10.10.4 | — |
| apple | os_x_yosemite_v10.10.5_and_security_update_2015-006 | — | — |
| debian | python2.7 | < python2.7 2.7.6-6 (bullseye) | python2.7 2.7.6-6 (bullseye) |
| python | python | — | — |
Detection & IOCs (extracted from sources)
- The vulnerable function socket.recvfrom_into() fails to check the size of the supplied buffer, leading to a buffer overflow exploitable via crafted network traffic. Monitor for abnormal buffer sizes passed to this function.
- The PoC exploit writes a crafted payload to a local file named 'egg' and uses a reverse shell shellcode targeting a remote IP/port; network defenders should watch for unexpected outbound connections from Python processes.
- Affected Python packages in Red Hat Software Collections: python27-python and python33-python. Audit installed versions for python27-python (Affected) and python33-python (Will not fix).
- Python 2.5 and versions before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 are vulnerable; versions shipped with RHEL 5 did not include the vulnerable function and are not affected.
- The PoC shellcode contains a hardcoded reverse IP (0xc0a80434 = 192.168.4.52) and port (0x7a69 = 31337); actual exploitation payloads will vary these values.
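One way to act on the audit and monitoring points above, as an added example that is not part of the original page or of any vendor tooling: `is_affected` encodes the version ranges from the CVE description, and `find_sized_calls` lists `recvfrom_into` call sites that pass an explicit size, the only calls where the requested length can exceed the buffer. The function names and the sample source are constructed for illustration.

```python
import ast

def is_affected(v):
    """v mirrors sys.version_info: (major, minor, micro, releaselevel, serial)."""
    major, minor, micro, level, _serial = v
    if major == 2:                       # "Python 2.5 before 2.7.7"
        return (2, 5, 0) <= (major, minor, micro) < (2, 7, 7)
    if major == 3:
        if (minor, micro) < (3, 4):      # "3.x before 3.3.4"
            return True
        # "3.4.x before 3.4rc1": only the 3.4.0 alpha and beta pre-releases
        return (minor, micro) == (4, 0) and level in ("alpha", "beta")
    return False

def find_sized_calls(source, filename="<constructed>"):
    """Return [(line, size_expression)] for recvfrom_into calls with explicit nbytes.

    Matching is by attribute name only, so aliased calls are missed and
    unrelated objects with a method of the same name are reported.
    """
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr == "recvfrom_into"):
            continue
        nbytes = node.args[1] if len(node.args) > 1 else None
        for kw in node.keywords:
            if kw.arg == "nbytes":
                nbytes = kw.value
        if nbytes is None:
            continue                     # size defaults to len(buffer)
        if isinstance(nbytes, ast.Constant) and nbytes.value == 0:
            continue                     # 0 also means "use len(buffer)"
        findings.append((node.lineno, ast.get_source_segment(source, nbytes)))
    return sorted(findings)

# Constructed sample input: four call styles, two of which need review.
SAMPLE = '''\
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
buf = bytearray(512)
s.recvfrom_into(buf)
s.recvfrom_into(buf, 1024)
s.recvfrom_into(buf, nbytes=size_from_config)
s.recvfrom_into(buf, 0)
'''

if __name__ == "__main__":
    for line, size in find_sized_calls(SAMPLE):
        print(f"line {line}: explicit nbytes={size}; confirm it cannot exceed len(buffer)")
```

Fixed interpreters reject an `nbytes` larger than the buffer with a `ValueError`, so reported call sites matter most on hosts where `is_affected` returns true for the installed interpreter.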
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 7.5 HIGH
vendor_debian · 7.5 LOW
vendor_redhat · 7.5 HIGH
GHSA
GHSA-jhx7-j4rm-xpm8: Buffer overflow in the socket
ghsa_unreviewed·2022-05-13
CVE-2014-1912 [HIGH] CWE-119 GHSA-jhx7-j4rm-xpm8: Buffer overflow in the socket
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
OSV
CVE-2014-1912: Buffer overflow in the socket
osv·2014-03-01·CVSS 7.5
CVE-2014-1912 [HIGH] CVE-2014-1912: Buffer overflow in the socket
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
Ubuntu
Python vulnerability
vendor_ubuntu·2014-03-03
CVE-2014-1912 Python vulnerability
Title: Python vulnerability
Summary: Python could be made to crash or run programs if it received specially
crafted network traffic.
Ryan Smith-Roberts discovered that Python incorrectly handled buffer sizes
when using the socket.recvfrom_into() function. An attacker could possibly
use this issue to cause Python to crash, resulting in denial of service, or
possibly execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
python: buffer overflow in socket.recvfrom_into()
vendor_redhat·2014-01-14·CVSS 7.5
CVE-2014-1912 [HIGH] CWE-120 python: buffer overflow in socket.recvfrom_into()
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
It was discovered that the socket.recvfrom_into() function failed to check the size of the supplied buffer. This could lead to a buffer overflow when the function was called with an insufficiently sized buffer.
Statement: This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 5 as they did not include the vulnerable socket.recvfrom_into() function. This issue was also corrected in the version of python shipped with Red Hat Enterprise Linux 7.0 prior to release.
The Red Hat Security Resp
Debian
CVE-2014-1912: python2.7 - Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c i...
vendor_debian·2014·CVSS 7.5
CVE-2014-1912 [HIGH] CVE-2014-1912: python2.7 - Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c i...
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
Scope: local
bullseye: resolved (fixed in 2.7.6-6)
Apple
CVE-2014-1912: OS X Yosemite v10.10.5 and Security Update 2015-006
vendor_apple·CVSS 7.5
CVE-2014-1912 [HIGH] CVE-2014-1912: OS X Yosemite v10.10.5 and Security Update 2015-006
Apple Security Update: About the security content of OS X Yosemite v10.10.5 and Security Update 2015-006
Product: OS X Yosemite v10.10.5 and Security Update 2015-006
CVE: CVE-2014-1912
Component: CVE-2014-1912
No detection rules found.
Bugzilla
CVE-2014-1912 python26: python: buffer overflow in socket.recvfrom_into() [epel-5]
bugzilla·2014-10-27·CVSS 7.5
CVE-2014-1912 [HIGH] CVE-2014-1912 python26: python: buffer overflow in socket.recvfrom_into() [epel-5]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-5 tracking bug for python26: see blocks b
Bugzilla
CVE-2014-1912 - Buffer overflow in the socket.recvfrom_into function
bugzilla·2014-09-23·CVSS 7.5
CVE-2014-1912 [HIGH] CVE-2014-1912 - Buffer overflow in the socket.recvfrom_into function
Description of problem:
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
Version-Release number of selected component (if applicable):
python27-python-2.7.5-10.el6
Discussion:
I consulted this issue with the Red Hat Security Response Team, which has rated this issue as having Moderate security impact (https://bugzilla.redhat.com/show_bug.cgi?id=1062370#c12). Even if a future update may address this issue in Red Hat Software Collections 1, the bug needs to be cloned by the Security Response Team itself, so closing this bug for now. Thanks for unders
Bugzilla
CVE-2014-1912 python: buffer overflow in socket.recvfrom_into()
bugzilla·2014-02-06·CVSS 7.5
CVE-2014-1912 [HIGH] CVE-2014-1912 python: buffer overflow in socket.recvfrom_into()
A vulnerability was reported [1] in Python's socket module, due to a boundary error within the sock_recvfrom_into() function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the socket.recvfrom_into() function or, possibly, execute arbitrary code with the permissions of the user running vulnerable Python code.
This vulnerable function, socket.recvfrom_into(), was introduced in Python 2.5. Earlier versions are not affected by this flaw. This is fixed in upstream branches for version 2.7 [2] and version 3.3 [3].
[1] http://bugs.python.org/issue20246
[2] http://hg.python.org/cpython/rev/87673659d8f7
[3] http://hg.python.org/cpython/rev/7f176a45211f/
Discussion:
arXiv
ShadowBound: Efficient Heap Memory Protection Through Advanced Metadata Management and Customized Compiler Optimization
arxiv_fulltext·2024-09-23
Zheng Yu
Northwestern University
Ganxiang Yang
Northwestern University
Xinyu Xing
Northwestern University
### Abstract
In software development, the prevalence of unsafe languages such as C and C++ introduces potential vulnerabilities, especially within the heap, a pivotal component for dynamic memory allocation. Despite its significance, heap management complexities have made heap corruption pervasive, posing severe threats to system security. While prior solutions aiming for temporal and spatial memory safety exhibit overheads deemed impractical, we present ShadowBound, a unique heap memory protection design. At its core, ShadowBound is an efficient out-of-bounds defe
arXiv
Path-wise Vulnerability Mitigation
arxiv_fulltext·2024-05-25
Zhen Huang, Hiristina Dokic
DePaul University, Chicago IL, USA
## Abstract
Software vulnerabilities are prevalent but fixing software vulnerabilities is not trivial. Studies have shown that a considerable pre-patch window exists because it often takes weeks or months for software vendo
arXiv
Tightly Seal Your Sensitive Pointers with PACTight
arxiv_fulltext·2022-03-28
Mohannad Ismail
Andrew Quach
Christopher Jelesnianski
Yeongjin Jang
Changwoo Min
Virginia Tech
Oregon State University
## Abstract
ARM is becoming more popular in desktops and data centers, opening a new realm in terms of security attacks against ARM. ARM has released Pointer Authentication, a new hardware security feature that is intended to ensure pointer integrity with cryptographic primitives. In this paper, we utilize Pointer Authentication (PA) to build a novel scheme to completely prevent any misuse of security-sensitive pointers. We propose PACTight to tightly seal these pointers. PACTight utilizes a strong and unique modifier that addresses the current issues with the state-of-the-art PA defense mechanisms. We implement four defenses based on the mec
- http://bugs.python.org/issue20246
- http://hg.python.org/cpython/rev/87673659d8f7
- http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
- http://lists.opensuse.org/opensuse-updates/2014-04/msg00035.html
- http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html
- http://pastebin.com/raw.php?i=GHXSmNEg
- http://rhn.redhat.com/errata/RHSA-2015-1064.html
- http://rhn.redhat.com/errata/RHSA-2015-1330.html
- http://www.debian.org/security/2014/dsa-2880
- http://www.exploit-db.com/exploits/31875
- http://www.openwall.com/lists/oss-security/2014/02/12/16
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.securityfocus.com/bid/65379
- http://www.securitytracker.com/id/1029831
- http://www.ubuntu.com/usn/USN-2125-1
- https://security.gentoo.org/glsa/201503-10
- https://support.apple.com/kb/HT205031
- https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/