CVE Vulnerabilities

CVE-2012-2135

Published: Aug 14, 2012 | Modified: Jan 19, 2023
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 6.4 MEDIUM (AV:N/AC:L/Au:N/C:P/I:N/A:P)
RedHat/V2
RedHat/V3
Ubuntu: LOW

The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors.

Affected Software

Name       Vendor  Start Version      End Version
Python     Python  2.7.0 (including)  2.7.4 (excluding)
Python     Python  3.2.0 (including)  3.2.4 (excluding)
Python     Python  3.3.0 (including)  3.3.3 (excluding)
Python3.1  Ubuntu  lucid              *
Python3.1  Ubuntu  natty              *
Python3.2  Ubuntu  natty              *
Python3.2  Ubuntu  oneiric            *
Python3.2  Ubuntu  precise            *
Python3.2  Ubuntu  upstream           *

References