CVE-2014-4616 — Improper Validation of Array Index in Python

CWE-129 — Improper Validation of Array Index CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer13 documents8 sources

Severity

5.9MEDIUMNVD

EPSS

0.6%

top 31.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Python Simplejson Project Simplejson Opensuse +1 more

Timeline

PublishedAug 24

Latest updateMay 14

Description

Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

▶NVDpython/python2.7.0 — 2.7.7+3

▶NVDsimplejson_project/simplejson< 2.6.1

▶NVDopensuse/opensuse13.1

▶NVDopensuse_project/opensuse12.3

Patches

Patch: bugzilla.redhat.com ↗Patch: hackerone.com ↗Patch: security.gentoo.org ↗

🔴Vulnerability Details

OSV

simplejson before 2.6.1 vulnerable to array index error↗2022-05-14

▶

GHSA

simplejson before 2.6.1 vulnerable to array index error↗2022-05-14

▶

OSV

CVE-2014-4616: Array index error in the scanstring function in the _json module in Python 2↗2017-08-24

▶

CVEList

CVE-2014-4616: Array index error in the scanstring function in the _json module in Python 2↗2017-08-24

▶

OSV

python2.7, python3.2, python3.4 vulnerabilities↗2015-06-25

▶

📋Vendor Advisories

Ubuntu

Python vulnerabilities↗2015-06-25

▶

Red Hat

python: missing boundary check in JSON module↗2014-05-19

▶

Debian

CVE-2014-4616: python2.7 - Array index error in the scanstring function in the _json module in Python 2.7 t...↗2014

▶

💬Community

Bugzilla

CVE-2014-4616 python26-simplejson: python: missing boundary check in JSON module [epel-5]↗2014-07-02

▶

Bugzilla

CVE-2014-4616 python-simplejson: python: missing boundary check in JSON module [fedora-all]↗2014-07-02

▶

Bugzilla

CVE-2014-4616 python-simplejson: python: missing boundary check in JSON module [epel-7]↗2014-07-02

▶

Bugzilla

CVE-2014-4616 python: missing boundary check in JSON module↗2014-06-23

▶