CVE-2014-7185

Published Oct 8, 2014

Last updated 5 years ago

Overview

Description: Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.4
Impact score: 4.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-189

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06BD335F-1DEB-47CD-9BDC-C37440E11CD8",
            "versionEndIncluding": "2.7.7"
          },
          {
            "criteria": "cpe:2.3:a:python:python:2.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CE2063E-5B74-4731-885F-80D2D7B15604"
          },
          {
            "criteria": "cpe:2.3:a:python:python:2.7.1:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC647F82-9679-4B26-AFF1-1B43B0AF18B5"
          },
          {
            "criteria": "cpe:2.3:a:python:python:2.7.2:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "046BCC55-F166-4C31-AB2B-815A0DFA2BEE"
          },
          {
            "criteria": "cpe:2.3:a:python:python:2.7.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A3CABCB-9FA8-4B13-8CF1-AA89B9E9B7E7"
          },
          {
            "criteria": "cpe:2.3:a:python:python:2.7.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41925551-AC82-4EEA-836F-56E280114765"
          },
          {
            "criteria": "cpe:2.3:a:python:python:2.7.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A213A57A-85BB-4B12-B394-3FF5459797EF"
          },
          {
            "criteria": "cpe:2.3:a:python:python:2.7.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76D82E41-8B87-4D6E-9E59-C12E37E30965"
          },
          {
            "criteria": "cpe:2.3:a:python:python:2.7.1150:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D00809F-8D47-428E-9347-2BF36A61901A"
          },
          {
            "criteria": "cpe:2.3:a:python:python:2.7.1150:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "14EF3E9D-8F0D-40C4-A171-866D091CB531"
          },
          {
            "criteria": "cpe:2.3:a:python:python:2.7.2150:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC94B908-E405-4BD2-BE36-2BB90238F7EE"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7883E465-932D-4C11-AA54-97E44181F906",
            "versionEndIncluding": "10.10.4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References