CVE-2014-7185 — Integer Overflow or Wraparound in Python

CWE-189 CWE-190 — Integer Overflow or Wraparound CWE-125 — Out-of-bounds Read CWE-200 — Sensitive Information Exposure9 documents8 sources

Severity

6.4MEDIUMNVD

OSV7.5

EPSS

0.9%

top 24.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Python2.7 Apple MAC OS X Python +1 more

Timeline

PublishedOct 8

Latest updateMay 13

Description

Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.

CVSS vector

AV:N/AC:L/C:P/I:N/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages4 packages

▶debiandebian/python2.7< python2.7 2.7.8-1 (bullseye)

▶NVDpython/python2.7.7+8

▶NVDapple/mac_os_x10.10.4

▶Appleapple/os_x_yosemite_v10.10.5_and_security_update_2015-006

🔴Vulnerability Details

GHSA

GHSA-4p82-prjq-g7wr: Integer overflow in bufferobject↗2022-05-13

▶

OSV

python2.7, python3.2, python3.4 vulnerabilities↗2015-06-25

▶

OSV

CVE-2014-7185: Integer overflow in bufferobject↗2014-10-08

▶

📋Vendor Advisories

Ubuntu

Python vulnerabilities↗2015-06-25

▶

Red Hat

python: buffer() integer overflow leading to out of bounds read↗2014-06-23

▶

Debian

CVE-2014-7185: python2.7 - Integer overflow in bufferobject.c in Python before 2.7.8 allows context-depende...↗2014

▶

Apple

CVE-2014-7185: OS X Yosemite v10.10.5 and Security Update 2015-006↗

▶

💬Community

Bugzilla

CVE-2014-7185 python: buffer() integer overflow leading to out of bounds read↗2014-09-24

▶