Fluid Attacks Database

Description

Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	python2.7	>=0 <2.7.8-1	2.7.8-1
rpm rhel6	python	<0:2.6.6-64.el6	0:2.6.6-64.el6
rpm rhel5	python	-	-
rpm rhel7	python	<0:2.7.5-34.el7	0:2.7.5-34.el7

Aliases

1. CVE-2014-71852. NVD-2014-71853. OSV-DEBIAN-2014-71854. OSV-2014-71855. SECURITY-TRACKER-CVE-2014-7185

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.