JSONDecoder.raw_decode

Warning

This resource is maintained for historical reference and does not contain the latest vulnerability info for Python.

The canonical database for vulnerabilities affecting Python is available on GitHub in the Open Source Vulnerability (OSV) format. This vulnerability can be viewed online at the Open Source Vulnerability Database.

Fix arbitrary memory access in JSONDecoder.raw_decode() with a negative second parameter.

Note: Issue #21529 was created on 2014-05-19, after the fixing commit.

Dates:

  • Disclosure date: 2014-04-13 (commit)
  • Reported by: Guido Vranken
  • Red Hat impact: Moderate

Fixed In

Python issue

JSON module: reading arbitrary process memory.

  • Python issue: bpo-21529
  • Creation date: 2014-05-19
  • Reporter: Benjamin Peterson

CVE-2014-4616

Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.
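The description above explains the flaw in one sentence: the C scanner in `_json` trusted the `idx` offset handed to `JSONDecoder.raw_decode()` and used it to index the string buffer, so a negative value read memory before the start of the string. The block below is an added example, not code from this page or from CPython. It shows the legitimate use of `idx` (walking a buffer of concatenated JSON values), probes whether the running interpreter carries the fix (a patched CPython rejects a negative `idx` with `ValueError`), and wraps `raw_decode()` in a bounds check so an offset taken from untrusted input can never reach the scanner negative, whichever interpreter is underneath. The names `safe_raw_decode`, `iter_concatenated_json`, `stdlib_rejects_negative_idx` and the `SAMPLE` buffer are this example's own, and the probe assumes the C accelerator (`_json`) is in use, as it is in every normal CPython build; the pure-Python fallback scanner never indexed out of bounds in the first place.

```python
import json

_DECODER = json.JSONDecoder()

# Constructed sample: three whitespace-separated JSON documents in one buffer,
# the kind of framing where raw_decode()'s idx parameter is actually useful.
SAMPLE = '{"a": 1}\n[1, 2, 3]\n"tail"\n'


def stdlib_rejects_negative_idx(s='"abc"', idx=-1):
    """Probe the interpreter: a fixed CPython refuses a negative idx with
    ValueError('idx cannot be negative') before touching the buffer.
    JSONDecodeError is a ValueError subclass, so exclude it: that would
    mean the scanner ran and merely failed to parse, not that idx was checked."""
    try:
        _DECODER.raw_decode(s, idx)
    except json.JSONDecodeError:
        return False
    except ValueError:
        return True
    return False


def safe_raw_decode(s, idx=0):
    """Hardened front-end for raw_decode(): bounds-check the offset ourselves
    so a caller-supplied idx can never be negative or past the end, whatever
    interpreter runs underneath. Returns (value, end) exactly like raw_decode().
    idx == len(s) is allowed through and fails inside raw_decode() with
    JSONDecodeError('Expecting value'), matching the stdlib contract."""
    if not isinstance(idx, int) or isinstance(idx, bool):
        raise TypeError("idx must be an int, got %r" % type(idx).__name__)
    if idx < 0 or idx > len(s):
        raise ValueError("idx %d out of range for string of length %d"
                         % (idx, len(s)))
    return _DECODER.raw_decode(s, idx)


def iter_concatenated_json(buf):
    """Walk a buffer holding several whitespace-separated JSON values and
    yield each one; every offset passed to the scanner is derived from the
    previous 'end' and validated by safe_raw_decode()."""
    idx = 0
    n = len(buf)
    while True:
        while idx < n and buf[idx] in " \t\r\n":
            idx += 1
        if idx >= n:
            return
        value, idx = safe_raw_decode(buf, idx)
        yield value


if __name__ == "__main__":
    print("interpreter rejects negative idx:", stdlib_rejects_negative_idx())
    print("values:", list(iter_concatenated_json(SAMPLE)))
    try:
        safe_raw_decode('"abc"', -1)
    except ValueError as exc:
        print("wrapper rejected negative idx:", exc)
```

On an unfixed interpreter (2.7.6, 3.4.0 and earlier), `stdlib_rejects_negative_idx()` returns `False` and the bare `raw_decode('"abc"', -1)` call dereferences memory before the string; the wrapper is the only line of defence there, which is why it checks the offset itself rather than relying on the scanner.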

Timeline

Timeline using the disclosure date 2014-04-13 as reference:

  • 2014-04-13: Disclosure date (commit)
  • 2014-04-14 (+1 days): commit 6c939cb (branch 2.7)
  • 2014-04-14 (+1 days): commit 99b5afa (branch 3.2)
  • 2014-05-18 (+35 days): Python 3.4.1 released
  • 2014-05-19 (+36 days): Python issue bpo-21529 reported by Benjamin Peterson
  • 2014-05-31 (+48 days): Python 2.7.7 released
  • 2014-10-12 (+182 days): Python 3.2.6 released
  • 2014-10-12 (+182 days): Python 3.3.6 released
  • 2015-09-12 (+517 days): Python 3.5.0 released
  • 2017-08-24 (+1229 days): CVE-2014-4616 published