buffer() integer overflows¶
Warning
This resource is maintained for historical reference and does not contain the latest vulnerability info for Python.
The canonical database for vulnerabilities affecting Python is available on GitHub in the Open Source Vulnerability (OSV) format. This vulnerability can be viewed online at the Open Source Vulnerability Database.
Integer overflow in bufferobject.c
in Python before 2.7.8 allows
context-dependent attackers to obtain sensitive information from process
memory via a large size and offset in a buffer
type.
Dates:
- Disclosure date: 2014-06-24 (Python issue bpo-21831 reported)
- Reported by: Chris Foster (on the Python security list)
Fixed In¶
- Python 2.7.8 (2014-06-30) fixed by commit 550b945 (branch 2.7) (2014-06-24)
Python issue¶
integer overflow in ‘buffer’ type allows reading memory.
- Python issue: bpo-21831
- Creation date: 2014-06-24
- Reporter: Benjamin Peterson
CVE-2014-7185¶
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a “buffer” function.
- CVE ID: CVE-2014-7185
- Published: 2014-10-08
- CVSS Score: 6.4
Timeline¶
Timeline using the disclosure date 2014-06-24 as reference:
- 2014-06-24: Python issue bpo-21831 reported by Benjamin Peterson
- 2014-06-24: commit 550b945 (branch 2.7)
- 2014-06-30 (+6 days): Python 2.7.8 released
- 2014-10-08 (+106 days): CVE-2014-7185 published