.. _jsondecoder-raw_decode:

JSONDecoder.raw_decode
======================

.. warning::
    This resource is maintained for historical reference and **does not contain the latest vulnerability info for Python**.

    The `canonical database for vulnerabilities affecting Python <https://github.com/psf/advisory-database>`_ is available on GitHub
    in the Open Source Vulnerability (OSV) format. This vulnerability can be viewed online at the
    `Open Source Vulnerability Database <https://osv.dev/list?ecosystem=&q=CVE-2014-4616>`_.

Fix arbitrary memory access in ``JSONDecoder.raw_decode()`` with a negative
second parameter.

Note: The issue #21529 was created at 2014-05-19, after the commit.

Dates:

* Disclosure date: **2014-04-13** (commit)
* Reported by: Guido Vranken
* `Red Hat impact <https://access.redhat.com/security/updates/classification/>`_: Moderate

Fixed In
--------

* Python **2.7.7** (2014-05-31) fixed by `commit 6c939cb (branch 2.7) <https://github.com/python/cpython/commit/6c939cb6f6dfbd273609577b0022542d31ae2802>`_ (2014-04-14)
* Python **3.2.6** (2014-10-12) fixed by `commit 99b5afa (branch 3.2) <https://github.com/python/cpython/commit/99b5afab74428e5ddfd877bdf3aa8a8c479696b1>`_ (2014-04-14)
* Python **3.3.6** (2014-10-12) fixed by `commit 99b5afa (branch 3.2) <https://github.com/python/cpython/commit/99b5afab74428e5ddfd877bdf3aa8a8c479696b1>`_ (2014-04-14)
* Python **3.4.1** (2014-05-18) fixed by `commit 99b5afa (branch 3.2) <https://github.com/python/cpython/commit/99b5afab74428e5ddfd877bdf3aa8a8c479696b1>`_ (2014-04-14)
* Python **3.5.0** (2015-09-12) fixed by `commit 99b5afa (branch 3.2) <https://github.com/python/cpython/commit/99b5afab74428e5ddfd877bdf3aa8a8c479696b1>`_ (2014-04-14)

Python issue
------------

JSON module: reading arbitrary process memory.

* Python issue: `bpo-21529 <https://bugs.python.org/issue21529>`_
* Creation date: 2014-05-19
* Reporter: Benjamin Peterson

CVE-2014-4616
-------------

Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.

* CVE ID: `CVE-2014-4616 <https://nvd.nist.gov/vuln/detail/CVE-2014-4616/>`_
* Published: 2017-08-24
* `CVSS Score <https://nvd.nist.gov/cvss.cfm>`_: 4.3

Timeline
--------

Timeline using the disclosure date **2014-04-13** as reference:

* 2014-04-13: Disclosure date (commit)
* 2014-04-14 (**+1 days**): `commit 6c939cb (branch 2.7) <https://github.com/python/cpython/commit/6c939cb6f6dfbd273609577b0022542d31ae2802>`_
* 2014-04-14 (**+1 days**): `commit 99b5afa (branch 3.2) <https://github.com/python/cpython/commit/99b5afab74428e5ddfd877bdf3aa8a8c479696b1>`_
* 2014-05-18 (**+35 days**): Python 3.4.1 released
* 2014-05-19 (**+36 days**): `Python issue bpo-21529 <https://bugs.python.org/issue21529>`_ reported by Benjamin Peterson
* 2014-05-31 (**+48 days**): Python 2.7.7 released
* 2014-10-12 (**+182 days**): Python 3.2.6 released
* 2014-10-12 (**+182 days**): Python 3.3.6 released
* 2015-09-12: Python 3.5.0 released
* 2017-08-24 (**+1229 days**): CVE-2014-4616 published

Links
-----

* https://access.redhat.com/security/cve/cve-2014-4616