Description
The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors.