Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.4
CVE Id: CVE-2012-2135
Last Modified: 14 May 2013 11:25:59
Published: 14 Aug 2012 06:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-2135

Summary

The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors.

Vulnerable Systems

Application

  • Python 3.1

  • Python 3.1.1

  • Python 3.1.2

  • Python 3.1.5

  • Python 3.2

  • Python 3.2.2150

  • Python 3.2.3

  • Python 3.3


References

MLIST - [oss-security] 20120425 Re: CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated

MLIST - [oss-security] 20120425 CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated

MISC - http://bugs.python.org/issue14579

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670389

UBUNTU - USN-1615-1

SECUNIA - 51089

UBUNTU - USN-1616-1

SECUNIA - 51087


Last Updated: 27 May 2016 10:49:40