CVE-2012-2135

Severity

64%

Complexity

99%

Confidentiality

81%

The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors.

The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors.

CVSS 2.0 Base Score 6.4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P).

Overview

Type

Python

First reported 12 years ago

2012-08-14 22:55:00

Last updated 11 years ago

2013-05-15 03:25:00

Affected Software

Python 3.1

3.1

Python 3.1.1

3.1.1

Python 3.1.2

3.1.2

Python 3.1.5

3.1.5

Python 3.2-alpha

3.2

Python 3.2.3

3.2.3

Python 3.2.2150

3.2.2150

Python 3.3

3.3

Python 3.3 beta 2

3.3

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670389

http://bugs.python.org/issue14579

Vendor Advisory

51087

51089

[oss-security] 20120425 CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated

[oss-security] 20120425 Re: CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated

USN-1615-1

USN-1616-1

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.