socket.recvfrom_into() overflow
Warning
This resource is maintained for historical reference and does not contain the latest vulnerability info for Python.
The canonical database for vulnerabilities affecting Python is available on GitHub in the Open Source Vulnerability (OSV) format. This vulnerability can be viewed online at the Open Source Vulnerability Database.
socket.recvfrom_into() fails to check that the supplied buffer object is big enough for the requested read and so will happily write off the end.
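The following Python sketch is an added example, not code from CPython or from this advisory. It probes whether the running interpreter enforces the missing size check and shows a caller-side guard for code that must also run on unfixed versions. The names `interpreter_checks_nbytes` and `recvfrom_into_checked` are hypothetical, and the sketch assumes Python 3.3 or later and that a fixed interpreter raises `ValueError` when `nbytes` exceeds the buffer length.

```python
import socket


def interpreter_checks_nbytes():
    """Return True if this interpreter rejects nbytes > len(buffer).

    Nothing is ever sent on the socket pair, so there is no data that
    could be copied anywhere. Assumption: without the fix, the call reaches
    the non-blocking read and fails with an OSError instead.
    """
    a, b = socket.socketpair()
    try:
        a.setblocking(False)
        try:
            a.recvfrom_into(bytearray(8), 1024)
        except ValueError:
            return True   # size check ran before any read was attempted
        except OSError:
            return False  # no size check: went straight to the read
        return False
    finally:
        a.close()
        b.close()


def recvfrom_into_checked(sock, buffer, nbytes=0, flags=0):
    """recvfrom_into() that enforces nbytes <= buffer size in the caller."""
    size = memoryview(buffer).nbytes
    if nbytes < 0 or nbytes > size:
        raise ValueError("nbytes=%d does not fit a %d-byte buffer" % (nbytes, size))
    return sock.recvfrom_into(buffer, nbytes or size, flags)


if __name__ == "__main__":
    print("interpreter enforces the check:", interpreter_checks_nbytes())
    left, right = socket.socketpair()
    right.sendall(b"hello")          # constructed sample payload
    buf = bytearray(8)
    count, _addr = recvfrom_into_checked(left, buf, 8)
    print(count, bytes(buf[:count]))
    try:
        recvfrom_into_checked(left, buf, 9)   # one byte more than the buffer
    except ValueError as exc:
        print("rejected:", exc)
    left.close()
    right.close()
```

The probe suits a startup or CI check on hosts that may still carry an old interpreter; the wrapper keeps the length rule in the caller regardless of interpreter version.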
Dates:
- Disclosure date: 2014-01-14 (Python issue bpo-20246 reported)
Fixed In
- Python 2.7.7 (2014-05-31) fixed by commit 28cf368 (branch 2.7) (2014-01-14)
- Python 3.2.6 (2014-10-12) fixed by commit fbf648e (branch 3.3) (2014-01-14)
- Python 3.3.4 (2014-02-09) fixed by commit fbf648e (branch 3.3) (2014-01-14)
- Python 3.4.0 (2014-03-16) fixed by commit fbf648e (branch 3.3) (2014-01-14)
Python issue
buffer overflow in socket.recvfrom_into.
- Python issue: bpo-20246
- Creation date: 2014-01-14
- Reporter: Ryan Smith-Roberts
CVE-2014-1912
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
- CVE ID: CVE-2014-1912
- Published: 2014-03-01
- CVSS Score: 7.5
Timeline
Timeline using the disclosure date 2014-01-14 as reference:
- 2014-01-14: Python issue bpo-20246 reported by Ryan Smith-Roberts
- 2014-01-14: commit 28cf368 (branch 2.7)
- 2014-01-14: commit fbf648e (branch 3.3)
- 2014-02-09 (+26 days): Python 3.3.4 released
- 2014-03-01 (+46 days): CVE-2014-1912 published
- 2014-03-16: Python 3.4.0 released
- 2014-05-31 (+137 days): Python 2.7.7 released
- 2014-10-12 (+271 days): Python 3.2.6 released