NVD

Id
43983  
Name
CVE-2012-2135  
Description
The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors.  
Reject
 
CVSS Version
2  
CVSS Score
6.4  
Severity
Medium  
CVSS Base Score
6.4  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:N/A:P)  
Pub Date
2017-01-19  
Published
2012-08-14  
Modified Date
2013-05-14  
Seq
2012-2135  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
221043 43983 CVE-2012-2135 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670389  View
221044 43983 CVE-2012-2135 http://bugs.python.org/issue14579  View
221045 43983 CVE-2012-2135 [oss-security] 20120425 CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated  View
221046 43983 CVE-2012-2135 [oss-security] 20120425 Re: CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated  View
221047 43983 CVE-2012-2135 USN-1615-1  View
221048 43983 CVE-2012-2135 USN-1616-1  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
27950 JVNDB-2012-003657 Python の utf-16 デコーダにおける重要な情報 (プロセスメモリ) を取得される脆弱性 Python の utf-16 デコーダは、unicode_decode_call_errorhandler 関数を呼び出した後、aligned_end 変数を更新しないため、重要な情報 (プロセスメモリ) を取得される、またはサービス運用妨害 (メモリ破損およびクラッシュ) 状態となる脆弱性が存在します。 CVE-2012-2135 55373 CVE-2012-2135 43983 6.4 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003657.html 2012-04-14 2012-08-17 View