CVE-2014-1912

Python <2.7.7, <3.3.4, <3.4rc1 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-1912. PoCs published by Sha0.

AI-analyzed exploit summary This exploit demonstrates a remote buffer overflow in Python's socket.recvfrom_into() function (CVE-2014-1912). It crafts a malicious buffer to control EIP and execute a reverse shell shellcode, targeting Python 2.7 and 3 on Linux 32-bit systems.

Description

Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.

Exploits (1)

exploitdb WORKING POC
by Sha0 · pythonremotelinux
https://www.exploit-db.com/exploits/31875

This exploit demonstrates a remote buffer overflow in Python's socket.recvfrom_into() function (CVE-2014-1912). It crafts a malicious buffer to control EIP and execute a reverse shell shellcode, targeting Python 2.7 and 3 on Linux 32-bit systems.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Python 2.7 and Python 3 (socket.recvfrom_into())
No auth needed
Prerequisites: Network access to target · Target running vulnerable Python version
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (19)

Core 19
Core References
Various Sources x_refsource_confirm
http://hg.python.org/cpython/rev/87673659d8f7
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-04/msg00035.html
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1064.html
Exploit x_refsource_misc
http://pastebin.com/raw.php?i=GHXSmNEg
Patch x_refsource_confirm
http://bugs.python.org/issue20246
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-2880
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201503-10
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/65379
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/02/12/16
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1330.html
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/31875
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT205031
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2125-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029831

Scores

EPSS 0.2832
EPSS Percentile 97.9%

Details

CWE
CWE-119
Status published
Products (46)
apple/mac_os_x < 10.10.4
python/python 2.5.1
python/python 2.5.2
python/python 2.5.3
python/python 2.5.4
python/python 2.5.6
python/python 2.5.150
python/python 2.6.1
python/python 2.6.2
python/python 2.6.3
... and 36 more
Published Mar 01, 2014
Tracked Since Feb 18, 2026