Base Score

MEDIUM5.9

CVE-2014-4616

Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.

VectorNETWORK

Published Bycve@mitre.org

Published DateAug 24, 2017, 20:29

Affected Versions(1)

simplejson(PyPI)

Introduced0

Fixed2.6.1

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
simplejson(PyPI)	0	2.6.1	N/A

Weakness Type (CWE):CWE-129

CVSS Metrics

Base Score

5.9

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE

References

Base Score

MEDIUM5.9

Weakness Type (CWE):CWE-129

CVSS Metrics

Base Score

5.9

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE