Out-of-Bounds Affecting python2.7 package, versions <2.7.6-6
Snyk CVSS
Exploit Maturity
Mature
Attack Complexity
Low
NVD
high
Red Hat
medium
SUSE
high
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN9-PYTHON27-306518
- published 1 Mar 2014
- disclosed 1 Mar 2014
Introduced: 1 Mar 2014
CVE-2014-1912 Open this link in a new tabHow to fix?
Upgrade Debian:9 python2.7 to version 2.7.6-6 or higher.
NVD Description
Note: Versions mentioned in the description apply to the upstream python2.7 package.
See How to fix? for Debian:9 relevant versions.
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
References
- Apple Security Advisory
- Apple Security Announcement
- CONFIRM
- CONFIRM
- Debian Security Advisory
- Debian Security Tracker
- Exploit DB
- Gentoo Security Advisory
- MISC
- MISC
- OpenSuse Security Update
- OpenSuse Security Update
- Oracle Security Advisory
- Oracle Security Bulletin
- OSS security Advisory
- RedHat Security Advisory
- RedHat Security Advisory
- Security Focus
- Security Tracker
- Ubuntu CVE Tracker
- Ubuntu Security Advisory
- Exploit DB