JSONDecoder.raw_decode¶
Fix arbitrary memory access in JSONDecoder.raw_decode() with a negative
second parameter.
Note: The issue #21529 was created at 2014-05-19, after the commit.
Dates:
- Disclosure date: 2014-04-13 (commit)
- Reported by: Guido Vranken
- Red Hat impact: Moderate
Fixed In¶
- Python 2.7.7 (2014-05-31) fixed by commit 6c939cb (branch 2.7) (2014-04-14)
- Python 3.2.6 (2014-10-12) fixed by commit 99b5afa (branch 3.2) (2014-04-14)
- Python 3.3.6 (2014-10-12) fixed by commit 99b5afa (branch 3.2) (2014-04-14)
- Python 3.4.1 (2014-05-18) fixed by commit 99b5afa (branch 3.2) (2014-04-14)
- Python 3.5.0 (2015-09-12) fixed by commit 99b5afa (branch 3.2) (2014-04-14)
Python issue¶
JSON module: reading arbitrary process memory.
- Python issue: bpo-21529
- Creation date: 2014-05-19
- Reporter: Benjamin Peterson
CVE-2014-4616¶
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.
- CVE ID: CVE-2014-4616
- Published: 2017-08-24
- CVSS Score: 4.3
Timeline¶
Timeline using the disclosure date 2014-04-13 as reference:
- 2014-04-13: Disclosure date (commit)
- 2014-04-14 (+1 days): commit 6c939cb (branch 2.7)
- 2014-04-14 (+1 days): commit 99b5afa (branch 3.2)
- 2014-05-18 (+35 days): Python 3.4.1 released
- 2014-05-19 (+36 days): Python issue bpo-21529 reported by Benjamin Peterson
- 2014-05-31 (+48 days): Python 2.7.7 released
- 2014-10-12 (+182 days): Python 3.2.6 released
- 2014-10-12 (+182 days): Python 3.3.6 released
- 2015-09-12: Python 3.5.0 released
- 2017-08-24 (+1229 days): CVE-2014-4616 published