Vulnerability Details : CVE-2014-1912
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
Vulnerability category: OverflowExecute code
Threat overview for CVE-2014-1912
Top countries where our scanners detected CVE-2014-1912
Top open port discovered on systems with this issue
8123
IPs affected by CVE-2014-1912 128,539
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2014-1912!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2014-1912
Probability of exploitation activity in the next 30 days: 45.98%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-1912
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
nvd@nist.gov |
CWE ids for CVE-2014-1912
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1912
-
http://rhn.redhat.com/errata/RHSA-2015-1064.html
RHSA-2015:1064 - Security Advisory - Red Hat Customer Portal
-
http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html
openSUSE-SU-2014:0597-1: moderate: update for python3
-
http://www.securitytracker.com/id/1029831
Python Buffer Overflow in socket.recvfrom_into() Lets Remote Users Execute Arbitrary Code - SecurityTracker
-
https://security.gentoo.org/glsa/201503-10
Python: Multiple vulnerabilities (GLSA 201503-10) — Gentoo security
-
http://www.debian.org/security/2014/dsa-2880
Debian -- Security Information -- DSA-2880-1 python2.7
-
http://hg.python.org/cpython/rev/87673659d8f7
cpython: 87673659d8f7
-
https://support.apple.com/kb/HT205031
About the security content of OS X Yosemite v10.10.5 and Security Update 2015-006 - Apple SupportVendor Advisory
-
http://pastebin.com/raw.php?i=GHXSmNEg
Exploit
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Oracle Linux Bulletin - January 2016
-
https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/
Python Remote Code Execution in socket.recvfrom_into()Exploit
-
http://rhn.redhat.com/errata/RHSA-2015-1330.html
RHSA-2015:1330 - Security Advisory - Red Hat Customer Portal
-
http://www.ubuntu.com/usn/USN-2125-1
USN-2125-1: Python vulnerability | Ubuntu security notices
-
http://www.openwall.com/lists/oss-security/2014/02/12/16
oss-security - Re: CVE request? buffer overflow in socket.recvfrom_into
-
http://www.exploit-db.com/exploits/31875
Python - 'socket.recvfrom_into()' Remote Buffer Overflow - Linux remote ExploitExploit
-
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
Apple - Lists.apple.com
-
http://bugs.python.org/issue20246
Issue 20246: buffer overflow in socket.recvfrom_into - Python trackerPatch
-
http://www.securityfocus.com/bid/65379
Python 'sock_recvfrom_into()' Function Buffer Overflow Vulnerability
-
http://lists.opensuse.org/opensuse-updates/2014-04/msg00035.html
openSUSE-SU-2014:0518-1: moderate: update for python
-
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Oracle Critical Patch Update - July 2017
Products affected by CVE-2014-1912
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2:alpha:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.7.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.7.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.2150:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.7.2150:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.7.1150:*:*:*:*:*:x64:*
- cpe:2.3:a:python:python:3.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.6150:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.7.1150:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1.2150:*:*:*:*:*:x64:*
- cpe:2.3:a:python:python:2.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.5.150:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2.2150:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.3:beta2:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.4:alpha1:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.7.4:*:*:*:*:*:*:*