.. _buffer-integer-overflows:

buffer() integer overflows
==========================

.. warning::
   This resource is maintained for historical reference and **does not contain the latest vulnerability info for Python**.

   The `canonical database for vulnerabilities affecting Python `_ is available on GitHub in the Open Source Vulnerability (OSV) format. This vulnerability can be viewed online at the `Open Source Vulnerability Database `_.

Integer overflow in ``bufferobject.c`` in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a ``buffer`` type.

Dates:

* Disclosure date: **2014-06-24** (Python issue bpo-21831 reported)
* Reported by: Chris Foster (on the Python security list)

Fixed In
--------

* Python **2.7.8** (2014-06-30) fixed by `commit 550b945 (branch 2.7) `_ (2014-06-24)

Python issue
------------

integer overflow in 'buffer' type allows reading memory.

* Python issue: `bpo-21831 `_
* Creation date: 2014-06-24
* Reporter: Benjamin Peterson

CVE-2014-7185
-------------

Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.

* CVE ID: `CVE-2014-7185 `_
* Published: 2014-10-08
* `CVSS Score `_: 6.4

Timeline
--------

Timeline using the disclosure date **2014-06-24** as reference:

* 2014-06-24: `Python issue bpo-21831 `_ reported by Benjamin Peterson
* 2014-06-24: `commit 550b945 (branch 2.7) `_
* 2014-06-30 (**+6 days**): Python 2.7.8 released
* 2014-10-08 (**+106 days**): CVE-2014-7185 published
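
The description on this page attributes the bug to an integer overflow reached with a large size and offset. The C sketch below is an added example, not code from CPython or from this page: it models a bounds check whose sum wraps (``view_size_naive``) beside an overflow-safe form (``view_size_checked``). The function names, the use of unsigned ``size_t`` (so the wraparound is well-defined C), and the sample values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model (an assumption, not CPython source): a view into a
 * buffer of `count` bytes, starting at `offset`, with a requested `size`. */

/* Weak check: offset + size can wrap past SIZE_MAX, so the sum looks small
 * and an oversized request is left unclamped. */
static size_t view_size_naive(size_t offset, size_t size, size_t count)
{
    if (offset + size > count)
        size = count - offset;
    return size;
}

/* Hardened check: validate offset first, then compare size against the
 * remaining room. There is no addition, so nothing can wrap. */
static size_t view_size_checked(size_t offset, size_t size, size_t count)
{
    if (offset > count)
        return 0;
    if (size > count - offset)
        size = count - offset;
    return size;
}

/* Returns 1 if [offset, offset + size) lies inside `count` bytes. */
static int in_bounds(size_t offset, size_t size, size_t count)
{
    return offset <= count && size <= count - offset;
}

int main(void)
{
    /* Constructed sample values: small buffer, huge requested size. */
    size_t count = 16, offset = 1, size = SIZE_MAX;
    size_t n = view_size_naive(offset, size, count);
    size_t c = view_size_checked(offset, size, count);

    printf("naive:   size=%zu in_bounds=%d\n", n, in_bounds(offset, n, count));
    printf("checked: size=%zu in_bounds=%d\n", c, in_bounds(offset, c, count));
    return 0;
}
```

With the constructed values, the naive check accepts a view far larger than the 16-byte buffer, while the checked form clamps it to the 15 bytes that remain after the offset.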