buffer() integer overflows¶

Warning

This resource is maintained for historical reference and does not contain the latest vulnerability info for Python.

The canonical database for vulnerabilities affecting Python is available on GitHub in the Open Source Vulnerability (OSV) format. This vulnerability can be viewed online at the Open Source Vulnerability Database.

Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a buffer type.

Dates:

Disclosure date: 2014-06-24 (Python issue bpo-21831 reported)
Reported by: Chris Foster (on the Python security list)

Fixed In¶

Python 2.7.8 (2014-06-30) fixed by commit 550b945 (branch 2.7) (2014-06-24)

Python issue¶

integer overflow in ‘buffer’ type allows reading memory.

Python issue: bpo-21831
Creation date: 2014-06-24
Reporter: Benjamin Peterson

CVE-2014-7185¶

Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a “buffer” function.

CVE ID: CVE-2014-7185
Published: 2014-10-08
CVSS Score: 6.4

Timeline¶

Timeline using the disclosure date 2014-06-24 as reference:

2014-06-24: Python issue bpo-21831 reported by Benjamin Peterson
2014-06-24: commit 550b945 (branch 2.7)
2014-06-30 (+6 days): Python 2.7.8 released
2014-10-08 (+106 days): CVE-2014-7185 published

buffer() integer overflows¶

Fixed In¶

Python issue¶

CVE-2014-7185¶

Timeline¶

Table of Contents

Previous topic

Next topic

This Page