Fluid Attacks Database

Description

Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	python2.7	>=0 <2.7.6-6	2.7.6-6
rpm rhel6	python	<0:2.6.6-64.el6	0:2.6.6-64.el6

Aliases

1. CVE-2014-19122. NVD-2014-19123. OSV-DEBIAN-2014-19124. OSV-2014-19125. SECURITY-TRACKER-CVE-2014-1912

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.