CVE-2014-7185

Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
pythonpython
𝑥
≤ 2.7.7
pythonpython
2.7.1
pythonpython
2.7.1:rc1
pythonpython
2.7.2:rc1
pythonpython
2.7.3
pythonpython
2.7.4
pythonpython
2.7.5
pythonpython
2.7.6
pythonpython
2.7.1150
pythonpython
2.7.1150
pythonpython
2.7.2150
applemac_os_x
𝑥
≤ 10.10.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
python2.7
bullseye
2.7.18-8+deb11u1
fixed
squeeze
no-dsa
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python2.7
lucid
dne
precise
Fixed 2.7.3-0ubuntu3.8
released
trusty
Fixed 2.7.6-8ubuntu0.2
released
utopic
not-affected
vivid
not-affected
python3.2
lucid
dne
precise
not-affected
saucy
dne
trusty
dne
utopic
dne
vivid
dne
python3.4
lucid
dne
precise
dne
saucy
dne
trusty
not-affected
utopic
not-affected
vivid
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libpython2_7-1_0
suse enterprise desktop 15
2.7.17-7.32.1
fixed
suse enterprise desktop 15 SP1
2.7.17-7.32.1
fixed
suse enterprise desktop 15 SP2
2.7.17-7.32.1
fixed
suse enterprise desktop 15 SP3
2.7.17-7.32.1
fixed
suse enterprise sap 12
2.7.9-14.1
fixed
suse enterprise sap 12 SP5
2.7.13-28.31.1
fixed
suse enterprise sap 15
2.7.17-7.32.1
fixed
suse enterprise sap 15 SP1
2.7.17-7.32.1
fixed
suse enterprise sap 15 SP2
2.7.17-7.32.1
fixed
suse enterprise sap 15 SP3
2.7.17-7.32.1
fixed
suse enterprise server 12
2.7.9-14.1
fixed
suse enterprise server 12 SP5
2.7.13-28.31.1
fixed
suse enterprise server 15
2.7.17-7.32.1
fixed
suse enterprise server 15 SP1
2.7.17-7.32.1
fixed
suse enterprise server 15 SP2
2.7.17-7.32.1
fixed
suse enterprise server 15 SP3
2.7.17-7.32.1
fixed
libpython2_7-1_0-32bit
suse enterprise sap 12
2.7.9-14.1
fixed
suse enterprise sap 12 SP5
2.7.13-28.31.1
fixed
suse enterprise server 12
2.7.9-14.1
fixed
suse enterprise server 12 SP5
2.7.13-28.31.1
fixed
python
suse enterprise desktop 15
2.7.17-7.32.2
fixed
suse enterprise desktop 15 SP1
2.7.17-7.32.2
fixed
suse enterprise desktop 15 SP2
2.7.17-7.32.2
fixed
suse enterprise desktop 15 SP3
2.7.17-7.32.2
fixed
suse enterprise sap 12
2.7.9-14.1
fixed
suse enterprise sap 15
2.7.17-7.32.2
fixed
suse enterprise sap 15 SP1
2.7.17-7.32.2
fixed
suse enterprise sap 15 SP2
2.7.17-7.32.2
fixed
suse enterprise sap 15 SP3
2.7.17-7.32.2
fixed
suse enterprise server 12
2.7.9-14.1
fixed
suse enterprise server 15
2.7.17-7.32.2
fixed
suse enterprise server 15 SP1
2.7.17-7.32.2
fixed
suse enterprise server 15 SP2
2.7.17-7.32.2
fixed
suse enterprise server 15 SP3
2.7.17-7.32.2
fixed
python-32bit
suse enterprise sap 12
2.7.9-14.1
fixed
suse enterprise server 12
2.7.9-14.1
fixed
python-base
suse enterprise desktop 15
2.7.17-7.32.1
fixed
suse enterprise desktop 15 SP1
2.7.17-7.32.1
fixed
suse enterprise desktop 15 SP2
2.7.17-7.32.1
fixed
suse enterprise desktop 15 SP3
2.7.17-7.32.1
fixed
suse enterprise sap 12
2.7.9-14.1
fixed
suse enterprise sap 12 SP5
2.7.13-28.31.1
fixed
suse enterprise sap 15
2.7.17-7.32.1
fixed
suse enterprise sap 15 SP1
2.7.17-7.32.1
fixed
suse enterprise sap 15 SP2
2.7.17-7.32.1
fixed
suse enterprise sap 15 SP3
2.7.17-7.32.1
fixed
suse enterprise server 12
2.7.9-14.1
fixed
suse enterprise server 12 SP5
2.7.13-28.31.1
fixed
suse enterprise server 15
2.7.17-7.32.1
fixed
suse enterprise server 15 SP1
2.7.17-7.32.1
fixed
suse enterprise server 15 SP2
2.7.17-7.32.1
fixed
suse enterprise server 15 SP3
2.7.17-7.32.1
fixed
python-base-32bit
suse enterprise sap 12
2.7.9-14.1
fixed
suse enterprise sap 12 SP5
2.7.13-28.31.1
fixed
suse enterprise server 12
2.7.9-14.1
fixed
suse enterprise server 12 SP5
2.7.13-28.31.1
fixed
python-curses
suse enterprise desktop 15
2.7.17-7.32.2
fixed
suse enterprise desktop 15 SP1
2.7.17-7.32.2
fixed
suse enterprise desktop 15 SP2
2.7.17-7.32.2
fixed
suse enterprise desktop 15 SP3
2.7.17-7.32.2
fixed
suse enterprise sap 12
2.7.9-14.1
fixed
suse enterprise sap 15
2.7.17-7.32.2
fixed
suse enterprise sap 15 SP1
2.7.17-7.32.2
fixed
suse enterprise sap 15 SP2
2.7.17-7.32.2
fixed
suse enterprise sap 15 SP3
2.7.17-7.32.2
fixed
suse enterprise server 12
2.7.9-14.1
fixed
suse enterprise server 15
2.7.17-7.32.2
fixed
suse enterprise server 15 SP1
2.7.17-7.32.2
fixed
suse enterprise server 15 SP2
2.7.17-7.32.2
fixed
suse enterprise server 15 SP3
2.7.17-7.32.2
fixed
python-demo
suse enterprise sap 12
2.7.9-14.1
fixed
suse enterprise server 12
2.7.9-14.1
fixed
python-devel
suse enterprise desktop 15
2.7.17-7.32.1
fixed
suse enterprise desktop 15 SP1
2.7.17-7.32.1
fixed
suse enterprise desktop 15 SP2
2.7.17-7.32.1
fixed
suse enterprise desktop 15 SP3
2.7.17-7.32.1
fixed
suse enterprise sap 12 SP5
2.7.13-28.31.1
fixed
suse enterprise sap 15
2.7.17-7.32.1
fixed
suse enterprise sap 15 SP1
2.7.17-7.32.1
fixed
suse enterprise sap 15 SP2
2.7.17-7.32.1
fixed
suse enterprise sap 15 SP3
2.7.17-7.32.1
fixed
suse enterprise server 12 SP5
2.7.13-28.31.1
fixed
suse enterprise server 15
2.7.17-7.32.1
fixed
suse enterprise server 15 SP1
2.7.17-7.32.1
fixed
suse enterprise server 15 SP2
2.7.17-7.32.1
fixed
suse enterprise server 15 SP3
2.7.17-7.32.1
fixed
python-doc
suse enterprise sap 12
2.7.9-14.3
fixed
suse enterprise server 12
2.7.9-14.3
fixed
python-doc-pdf
suse enterprise sap 12
2.7.9-14.3
fixed
suse enterprise server 12
2.7.9-14.3
fixed
python-gdbm
suse enterprise desktop 15
2.7.17-7.32.2
fixed
suse enterprise desktop 15 SP1
2.7.17-7.32.2
fixed
suse enterprise desktop 15 SP2
2.7.17-7.32.2
fixed
suse enterprise desktop 15 SP3
2.7.17-7.32.2
fixed
suse enterprise sap 12
2.7.9-14.1
fixed
suse enterprise sap 15
2.7.17-7.32.2
fixed
suse enterprise sap 15 SP1
2.7.17-7.32.2
fixed
suse enterprise sap 15 SP2
2.7.17-7.32.2
fixed
suse enterprise sap 15 SP3
2.7.17-7.32.2
fixed
suse enterprise server 12
2.7.9-14.1
fixed
suse enterprise server 15
2.7.17-7.32.2
fixed
suse enterprise server 15 SP1
2.7.17-7.32.2
fixed
suse enterprise server 15 SP2
2.7.17-7.32.2
fixed
suse enterprise server 15 SP3
2.7.17-7.32.2
fixed
python-idle
suse enterprise sap 12
2.7.9-14.1
fixed
suse enterprise server 12
2.7.9-14.1
fixed
python-tk
suse enterprise sap 12
2.7.9-14.1
fixed
suse enterprise server 12
2.7.9-14.1
fixed
python-xml
suse enterprise desktop 15
2.7.17-7.32.1
fixed
suse enterprise desktop 15 SP1
2.7.17-7.32.1
fixed
suse enterprise desktop 15 SP2
2.7.17-7.32.1
fixed
suse enterprise desktop 15 SP3
2.7.17-7.32.1
fixed
suse enterprise sap 12
2.7.9-14.1
fixed
suse enterprise sap 12 SP5
2.7.13-28.31.1
fixed
suse enterprise sap 15
2.7.17-7.32.1
fixed
suse enterprise sap 15 SP1
2.7.17-7.32.1
fixed
suse enterprise sap 15 SP2
2.7.17-7.32.1
fixed
suse enterprise sap 15 SP3
2.7.17-7.32.1
fixed
suse enterprise server 12
2.7.9-14.1
fixed
suse enterprise server 12 SP5
2.7.13-28.31.1
fixed
suse enterprise server 15
2.7.17-7.32.1
fixed
suse enterprise server 15 SP1
2.7.17-7.32.1
fixed
suse enterprise server 15 SP2
2.7.17-7.32.1
fixed
suse enterprise server 15 SP3
2.7.17-7.32.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
python
RHEL 6
0:2.6.6-64.el6
fixed
RHEL 7
0:2.7.5-34.el7
fixed
python-debug
RHEL 7
0:2.7.5-34.el7
fixed
python-devel
RHEL 6
0:2.6.6-64.el6
fixed
RHEL 7
0:2.7.5-34.el7
fixed
python-libs
RHEL 6
0:2.6.6-64.el6
fixed
RHEL 7
0:2.7.5-34.el7
fixed
python-test
RHEL 6
0:2.6.6-64.el6
fixed
RHEL 7
0:2.7.5-34.el7
fixed
python-tools
RHEL 6
0:2.6.6-64.el6
fixed
RHEL 7
0:2.7.5-34.el7
fixed
tkinter
RHEL 6
0:2.6.6-64.el6
fixed
RHEL 7
0:2.7.5-34.el7
fixed
Common Weakness Enumeration
References
http://bugs.python.org/issue21831
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139663.html
http://lists.opensuse.org/opensuse-updates/2014-10/msg00016.html
http://rhn.redhat.com/errata/RHSA-2015-1064.html
http://rhn.redhat.com/errata/RHSA-2015-1330.html
http://www.openwall.com/lists/oss-security/2014/09/23/5
http://www.openwall.com/lists/oss-security/2014/09/25/47
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/70089
https://bugzilla.redhat.com/show_bug.cgi?id=1146026
https://exchange.xforce.ibmcloud.com/vulnerabilities/96193
https://security.gentoo.org/glsa/201503-10
https://support.apple.com/kb/HT205031
http://bugs.python.org/issue21831
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139663.html
http://lists.opensuse.org/opensuse-updates/2014-10/msg00016.html
http://rhn.redhat.com/errata/RHSA-2015-1064.html
http://rhn.redhat.com/errata/RHSA-2015-1330.html
http://www.openwall.com/lists/oss-security/2014/09/23/5
http://www.openwall.com/lists/oss-security/2014/09/25/47
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/70089
https://bugzilla.redhat.com/show_bug.cgi?id=1146026
https://exchange.xforce.ibmcloud.com/vulnerabilities/96193
https://security.gentoo.org/glsa/201503-10
https://support.apple.com/kb/HT205031