CVE-2012-2135

Name: CVE-2012-2135
Creator: NVD / NIST
Published: 2012-08-14T22:55:01.253+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.55%

Last modified Jun 16, 2026

CVE-2012-2135 is a vulnerability of currently unknown severity. The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors.. EPSS estimates a 4.55% chance of exploitation in the next 30 days.

Description

The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors.

Metrics

EPSS Probability

4.55%

90.4th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Python	Python	>= 2.7.0, < 2.7.4
Python	Python	>= 3.2.0, < 3.2.4
Python	Python	>= 3.3.0, < 3.3.3
Canonical	Ubuntu Linux	10.04
Canonical	Ubuntu Linux	11.04
Canonical	Ubuntu Linux	11.10
Canonical	Ubuntu Linux	12.04
Canonical	Ubuntu Linux	12.10
Debian	Debian Linux	6.0

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670389Third Party Advisory
http://bugs.python.org/issue14579Vendor Advisory
http://secunia.com/advisories/51087Third Party Advisory
http://secunia.com/advisories/51089Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/04/25/2Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/04/25/4Mailing List, Third Party Advisory
http://www.ubuntu.com/usn/USN-1615-1Third Party Advisory
http://www.ubuntu.com/usn/USN-1616-1Third Party Advisory
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670389Third Party Advisory
http://bugs.python.org/issue14579Vendor Advisory
http://secunia.com/advisories/51087Third Party Advisory
http://secunia.com/advisories/51089Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/04/25/2Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/04/25/4Mailing List, Third Party Advisory
http://www.ubuntu.com/usn/USN-1615-1Third Party Advisory
http://www.ubuntu.com/usn/USN-1616-1Third Party Advisory

Timeline

Published: Aug 14, 2012
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2012-2135?

How severe is CVE-2012-2135?

Severity scoring for CVE-2012-2135 is pending analysis. The EPSS model estimates a 4.55% probability of exploitation in the next 30 days.

How do I fix CVE-2012-2135?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-2135?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST