CVE-2012-2135

Priority
Low
Description
The utf-16 decoder in Python 3.1 through 3.3 does not update the
aligned_end variable after calling the unicode_decode_call_errorhandler
function, which allows remote attackers to obtain sensitive information
(process memory) or cause a denial of service (memory corruption and crash)
via unspecified vectors.
References
Bugs
Notes
 jdstrand> python3 only
 jdstrand> patch in upstream bug is in Debian, but not committed upstream
 mdeslaur> 3.3 wasn't affected. Only tests were committed.
Assigned-to
jdstrand
Package
Upstream:released (3.2.3-4)
Patches:
Upstream:http://hg.python.org/cpython/rev/034ff986019d
Package
Upstream:needs-triage
Patches:
Upstream:http://hg.python.org/cpython/rev/034ff986019d
Package
Upstream:needs-triage
Patches:
Upstream:http://hg.python.org/cpython/rev/034ff986019d
More Information

Updated: 2017-08-11 23:49:08 UTC (commit 13081)