Buffer overflow in Python

Published: 2014-03-01 | Updated: 2020-07-28

Risk	Medium
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2014-1912
CWE-ID	CWE-119
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #1 is available.
Vulnerable software	Python Universal components / Libraries / Scripting languages
Vendor	Python.org

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Buffer overflow

EUVDB-ID: #VU32578

Risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2014-1912

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Python: 2.5 _ - 2.5.150

CPE2.3

cpe:2.3:a:python_org:python:2.5.150:*:*:*:*:*:*:*

External links

https://bugs.python.org/issue20246
https://hg.python.org/cpython/rev/87673659d8f7
https://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
https://lists.opensuse.org/opensuse-updates/2014-04/msg00035.html
https://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html
https://pastebin.com/raw.php?i=GHXSmNEg
https://rhn.redhat.com/errata/RHSA-2015-1064.html
https://rhn.redhat.com/errata/RHSA-2015-1330.html
https://www.debian.org/security/2014/dsa-2880
https://www.exploit-db.com/exploits/31875
https://www.openwall.com/lists/oss-security/2014/02/12/16
https://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
https://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
https://www.securityfocus.com/bid/65379
https://www.securitytracker.com/id/1029831
https://www.ubuntu.com/usn/USN-2125-1
https://security.gentoo.org/glsa/201503-10
https://support.apple.com/kb/HT205031
https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.