Description
The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors.
Remediation
References
Related Vulnerabilities
WordPress Plugin Advanced WP Columns Cross-Site Scripting (2.0.6)
SugarCRM Missing Authorization Vulnerability (CVE-2020-7472)
Joomla! Core 1.0 Remote File Inclusion (1.0.0)
WordPress Plugin SLIDER PHOTO GALLERY Multiple Vulnerabilities (1.0)
WordPress Plugin LBstopattack Cross-Site Request Forgery (1.1.2)