{"id":"PSF-2017-1","summary":"JSONDecoder.raw_decode","details":"Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.","aliases":["CVE-2014-4616","GHSA-9772-cwx9-r4cj"],"modified":"2025-10-09T00:59:37.589692Z","published":"2017-08-24T20:00:00Z","database_specific":{"cwe_ids":[]},"references":[{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/cve-2014-4616"},{"type":"REPORT","url":"https://bugs.python.org/issue21529"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"6c939cb6f6dfbd273609577b0022542d31ae2802"},{"fixed":"99b5afab74428e5ddfd877bdf3aa8a8c479696b1"}]}],"versions":["2.5","v0.9.8","v0.9.9","v1.0.1","v1.0.2","v1.1","v1.1.1","v1.2","v1.2b1","v1.2b2","v1.2b3","v1.2b4","v1.3","v1.3b1","v1.4","v1.4b1","v1.4b2","v1.4b3","v1.5","v1.5.1","v1.5.2","v1.5.2a1","v1.5.2a2","v1.5.2b1","v1.5.2b2","v1.5.2c1","v1.5a1","v1.5a2","v1.5a3","v1.5a4","v1.5b1","v1.5b2","v1.6a1","v1.6a2","v2.0","v2.0b1","v2.0b2","v2.0c1","v2.1","v2.1a1","v2.1a2","v2.1b1","v2.1b2","v2.1c1","v2.1c2","v2.2a3","v2.3c1","v2.3c2","v2.4","v2.4a1","v2.4a2","v2.4a3","v2.4b1","v2.4b2","v2.4c1","v2.5","v2.5.1","v2.5.1c1","v2.5.2","v2.5.2c1","v2.5.3","v2.5.3c1","v2.5.4","v2.5.5","v2.5.5c1","v2.5.5c2","v2.5.6","v2.5.6c1","v2.5a0","v2.5a1","v2.5a2","v2.5b1","v2.5b2","v2.5b3","v2.5c1","v2.5c2","v2.6","v2.6.1","v2.6.2","v2.6.2c1","v2.6.3","v2.6.3rc1","v2.6.4","v2.6.4rc1","v2.6.4rc2","v2.6.5","v2.6.5rc1","v2.6.5rc2","v2.6.6","v2.6.6rc1","v2.6.6rc2","v2.6.7","v2.6.8","v2.6.8rc1","v2.6.8rc2","v2.6a1","v2.6a2","v2.6a3","v2.6b1","v2.6b2","v2.6b3","v2.6rc1","v2.6rc2","v2.7","v2.7.1","v2.7.1rc1","v2.7.2","v2.7.2rc1","v2.7.3","v2.7.3rc1","v2.7.3rc2","v2.7a1","v2.7a2","v2.7a3","v2.7a4","v2.7b1","v2.7b2","v2.7rc1","v2.7rc2","v3.0a1","v3.0a2","v3.0a3","v3.0a4","v3.0a5","v3.0b1","v3.0b2","v3.0b3","v3.0rc1","v3.0rc2","v3.0rc3","v3.1","v3.1.1","v3.1.1rc1","v3.1.2","v3.1.2rc1","v3.1.3","v3.1.3rc1","v3.1.4","v3.1.4rc1","v3.1.5","v3.1.5rc1","v3.1.5rc2","v3.1a1","v3.1a2","v3.1b1","v3.1rc1","v3.1rc2","v3.2","v3.2.1","v3.2.1b1","v3.2.1rc1","v3.2.1rc2","v3.2.2","v3.2.2rc1","v3.2.3","v3.2.3rc1","v3.2.3rc2","v3.2.4","v3.2.4rc1","v3.2.5","v3.2a1","v3.2a2","v3.2a3","v3.2a4","v3.2b1","v3.2b2","v3.2rc1","v3.2rc2","v3.2rc3"],"database_specific":{"vanir_signatures":[{"signature_type":"Function","target":{"file":"Modules/_json.c","function":"scan_once_str"},"id":"PSF-2017-1-0f821b3e","source":"https://github.com/python/cpython/commit/6c939cb6f6dfbd273609577b0022542d31ae2802","signature_version":"v1","deprecated":false,"digest":{"length":2300,"function_hash":"25106426419632792795838985375593720378"}},{"signature_type":"Function","target":{"file":"Modules/_json.c","function":"scan_once_unicode"},"id":"PSF-2017-1-32d8e346","source":"https://github.com/python/cpython/commit/6c939cb6f6dfbd273609577b0022542d31ae2802","signature_version":"v1","deprecated":false,"digest":{"length":2273,"function_hash":"263486496255626229186014659436588529555"}},{"signature_type":"Line","target":{"file":"Modules/_json.c"},"id":"PSF-2017-1-3783e2be","source":"https://github.com/python/cpython/commit/6c939cb6f6dfbd273609577b0022542d31ae2802","signature_version":"v1","deprecated":false,"digest":{"line_hashes":["39906423719261988284585508931271658784","131385314209771341919080367417872108620","314508523876734961570135285826436514611","119114297336911049877924617937479190808","273338037574117324863793143385052696212","160733641363203805085925255673566536857","324414043392332063980459565824122408513","119114297336911049877924617937479190808"],"threshold":0.9}},{"signature_type":"Function","target":{"file":"Modules/_json.c","function":"scan_once_unicode"},"id":"PSF-2017-1-850639fe","source":"https://github.com/python/cpython/commit/99b5afab74428e5ddfd877bdf3aa8a8c479696b1","signature_version":"v1","deprecated":false,"digest":{"length":2273,"function_hash":"263486496255626229186014659436588529555"}},{"signature_type":"Line","target":{"file":"Modules/_json.c"},"id":"PSF-2017-1-d34bf227","source":"https://github.com/python/cpython/commit/99b5afab74428e5ddfd877bdf3aa8a8c479696b1","signature_version":"v1","deprecated":false,"digest":{"line_hashes":["273338037574117324863793143385052696212","160733641363203805085925255673566536857","324414043392332063980459565824122408513","119114297336911049877924617937479190808"],"threshold":0.9}}],"source":"https://github.com/psf/advisory-database/blob/main/advisories/python/PSF-2017-1.json"}}],"schema_version":"1.7.3"}