← Back

CVE-2014-1912

nvd nist
Published: Mar 1, 2014Modified: Apr 29, 2026

JSON object

Loading...
7.5
Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploitability: 10.0 / Impact: 6.4
Source: NVD

Description

Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.

Affected (52)

Products: Python: Python · Apple: Mac Os X
Python
1 product
Python
Apple
1 product
Mac Os X
Configuration A
26 vulnerable
Vulnerable SoftwareAffected Versions
Python
Python
Version 2.5.150
Python
Version 2.5.1
Python
Version 2.5.2
Python
Version 2.5.3
Python
Version 2.5.4
Python
Version 2.5.6
Python
Version 2.6.1
Python
Version 2.6.2150
Python
Version 2.6.2
Python
Version 2.6.3
Python
Version 2.6.4
Python
Version 2.6.5
Python
Version 2.6.6150
Python
Version 2.6.6
Python
Version 2.6.7
Python
Version 2.6.8
Python
Version 2.7.1150
Python
Version 2.7.1150
Python
Version 2.7.1
Python
Version 2.7.1 rc1
Python
Version 2.7.2150
Python
Version 2.7.2 rc1
Python
Version 2.7.3
Python
Version 2.7.4
Python
Version 2.7.5
Python
Version 2.7.6
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Mac Os X
Up to 10.10.4
Configuration C
25 vulnerable
Vulnerable SoftwareAffected Versions
Python
Python
Version 3.0.1
Python
Version 3.0
Python
Version 3.1.1
Python
Version 3.1.2150
Python
Version 3.1.2
Python
Version 3.1.3
Python
Version 3.1.4
Python
Version 3.1.5
Python
Version 3.1
Python
Version 3.2.0
Python
Version 3.2.1
Python
Version 3.2.2150
Python
Version 3.2.2
Python
Version 3.2.3
Python
Version 3.2.4
Python
Version 3.2.5
Python
Version 3.2
Python
Version 3.2 alpha
Python
Version 3.3.0
Python
Version 3.3.1
Python
Version 3.3.2
Python
Version 3.3.3
Python
Version 3.3
Python
Version 3.3 beta2
Python
Version 3.4 alpha1

Related CWEs

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (38)

Source: cve@mitre.org
Patch
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit

Timeline

No history available yet.