CVE-2014-7185
Public on 2014-10-08
Modified on 2015-12-13
Description
An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash.
Severity
Low
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | python26 | 2015-12-14 | ALAS-2015-621 | Fixed |
| Amazon Linux 1 | python27 | 2014-11-05 | ALAS-2014-440 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv2 | 4.0 | AV:N/AC:H/Au:N/C:P/I:N/A:P |
| NVD | CVSSv2 | 6.4 | AV:N/AC:L/Au:N/C:P/I:N/A:P |