Vulnerability in the utf-16 decoder after error handling

Vulnerability in the UTF-16 decoder after error handling.

• Disclosure date: 2012-04-14

Fixed In

• Python 2.7.4 (2013-04-06) fixed by commit 715a63b (branch 2.7) (2012-07-20)
• Python 3.2.4 (2013-04-07) fixed by commit 715a63b (branch 2.7) (2012-07-20)
• Python 3.3.0 (2012-09-29) fixed by commit b4bbee2 (branch 3.3) (2012-07-20)

Python issue

CVE-2012-2135: Vulnerability in the utf-16 decoder after error handling.

• Python issue: bpo-14579
• Creation date: 2012-04-14
• Reporter: Serhiy Storchaka

CVE-2012-2135

The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors.

• CVE ID: CVE-2012-2135
• Published: 2012-08-14
• CVSS Score: 6.4

Timeline

Timeline using the disclosure date 2012-04-14 as reference:

• 2012-04-14: Disclosure date
• 2012-04-14 (+0 days): Python issue bpo-14579 reported by Serhiy Storchaka
• 2012-07-20 (+97 days): commit 715a63b (branch 2.7)
• 2012-07-20 (+97 days): commit b4bbee2 (branch 3.3)
• 2012-08-14 (+122 days): CVE-2012-2135 published
• 2012-09-29: Python 3.3.0 released
• 2013-04-06 (+357 days): Python 2.7.4 released
• 2013-04-07 (+358 days): Python 3.2.4 released