CVE-2008-2315

Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.
References
Link Resource
http://bugs.gentoo.org/attachment.cgi?id=159418&action=view Exploit
http://bugs.gentoo.org/show_bug.cgi?id=230640 Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html Third Party Advisory
http://secunia.com/advisories/31305 Broken Link
http://secunia.com/advisories/31332 Broken Link
http://secunia.com/advisories/31358 Broken Link
http://secunia.com/advisories/31365 Broken Link
http://secunia.com/advisories/31518 Broken Link
http://secunia.com/advisories/31687 Broken Link
http://secunia.com/advisories/32793 Broken Link
http://secunia.com/advisories/33937 Broken Link
http://secunia.com/advisories/37471 Broken Link
http://secunia.com/advisories/38675 Broken Link
http://security.gentoo.org/glsa/glsa-200807-16.xml Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289 Third Party Advisory
http://support.apple.com/kb/HT3438 Third Party Advisory
http://support.avaya.com/css/P8/documents/100074697 Third Party Advisory
http://www.debian.org/security/2008/dsa-1667 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:163 Broken Link Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:164 Broken Link Third Party Advisory
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900 Third Party Advisory
http://www.openwall.com/lists/oss-security/2008/11/05/2 Mailing List
http://www.openwall.com/lists/oss-security/2008/11/05/3 Mailing List
http://www.securityfocus.com/archive/1/507985/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/30491 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-632-1 Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2009-0016.html Third Party Advisory
http://www.vupen.com/english/advisories/2008/2288 Broken Link Third Party Advisory
http://www.vupen.com/english/advisories/2009/3316 Broken Link Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/44172 VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/44173 VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8445 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8683 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9761 Broken Link
http://bugs.gentoo.org/attachment.cgi?id=159418&action=view Exploit
http://bugs.gentoo.org/show_bug.cgi?id=230640 Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html Third Party Advisory
http://secunia.com/advisories/31305 Broken Link
http://secunia.com/advisories/31332 Broken Link
http://secunia.com/advisories/31358 Broken Link
http://secunia.com/advisories/31365 Broken Link
http://secunia.com/advisories/31518 Broken Link
http://secunia.com/advisories/31687 Broken Link
http://secunia.com/advisories/32793 Broken Link
http://secunia.com/advisories/33937 Broken Link
http://secunia.com/advisories/37471 Broken Link
http://secunia.com/advisories/38675 Broken Link
http://security.gentoo.org/glsa/glsa-200807-16.xml Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289 Third Party Advisory
http://support.apple.com/kb/HT3438 Third Party Advisory
http://support.avaya.com/css/P8/documents/100074697 Third Party Advisory
http://www.debian.org/security/2008/dsa-1667 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:163 Broken Link Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:164 Broken Link Third Party Advisory
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900 Third Party Advisory
http://www.openwall.com/lists/oss-security/2008/11/05/2 Mailing List
http://www.openwall.com/lists/oss-security/2008/11/05/3 Mailing List
http://www.securityfocus.com/archive/1/507985/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/30491 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-632-1 Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2009-0016.html Third Party Advisory
http://www.vupen.com/english/advisories/2008/2288 Broken Link Third Party Advisory
http://www.vupen.com/english/advisories/2009/3316 Broken Link Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/44172 VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/44173 VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8445 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8683 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9761 Broken Link
Configurations

Configuration 1 (hide)

cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:46

Type Values Removed Values Added
References () http://bugs.gentoo.org/attachment.cgi?id=159418&action=view - Exploit () http://bugs.gentoo.org/attachment.cgi?id=159418&action=view - Exploit
References () http://bugs.gentoo.org/show_bug.cgi?id=230640 - Third Party Advisory () http://bugs.gentoo.org/show_bug.cgi?id=230640 - Third Party Advisory
References () http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html - Mailing List () http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html - Mailing List
References () http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html - Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html - Third Party Advisory
References () http://secunia.com/advisories/31305 - Broken Link () http://secunia.com/advisories/31305 - Broken Link
References () http://secunia.com/advisories/31332 - Broken Link () http://secunia.com/advisories/31332 - Broken Link
References () http://secunia.com/advisories/31358 - Broken Link () http://secunia.com/advisories/31358 - Broken Link
References () http://secunia.com/advisories/31365 - Broken Link () http://secunia.com/advisories/31365 - Broken Link
References () http://secunia.com/advisories/31518 - Broken Link () http://secunia.com/advisories/31518 - Broken Link
References () http://secunia.com/advisories/31687 - Broken Link () http://secunia.com/advisories/31687 - Broken Link
References () http://secunia.com/advisories/32793 - Broken Link () http://secunia.com/advisories/32793 - Broken Link
References () http://secunia.com/advisories/33937 - Broken Link () http://secunia.com/advisories/33937 - Broken Link
References () http://secunia.com/advisories/37471 - Broken Link () http://secunia.com/advisories/37471 - Broken Link
References () http://secunia.com/advisories/38675 - Broken Link () http://secunia.com/advisories/38675 - Broken Link
References () http://security.gentoo.org/glsa/glsa-200807-16.xml - Third Party Advisory () http://security.gentoo.org/glsa/glsa-200807-16.xml - Third Party Advisory
References () http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289 - Third Party Advisory () http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289 - Third Party Advisory
References () http://support.apple.com/kb/HT3438 - Third Party Advisory () http://support.apple.com/kb/HT3438 - Third Party Advisory
References () http://support.avaya.com/css/P8/documents/100074697 - Third Party Advisory () http://support.avaya.com/css/P8/documents/100074697 - Third Party Advisory
References () http://www.debian.org/security/2008/dsa-1667 - Third Party Advisory () http://www.debian.org/security/2008/dsa-1667 - Third Party Advisory
References () http://www.mandriva.com/security/advisories?name=MDVSA-2008:163 - Broken Link, Third Party Advisory () http://www.mandriva.com/security/advisories?name=MDVSA-2008:163 - Broken Link, Third Party Advisory
References () http://www.mandriva.com/security/advisories?name=MDVSA-2008:164 - Broken Link, Third Party Advisory () http://www.mandriva.com/security/advisories?name=MDVSA-2008:164 - Broken Link, Third Party Advisory
References () http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900 - Third Party Advisory () http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900 - Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2008/11/05/2 - Mailing List () http://www.openwall.com/lists/oss-security/2008/11/05/2 - Mailing List
References () http://www.openwall.com/lists/oss-security/2008/11/05/3 - Mailing List () http://www.openwall.com/lists/oss-security/2008/11/05/3 - Mailing List
References () http://www.securityfocus.com/archive/1/507985/100/0/threaded - Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/507985/100/0/threaded - Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/30491 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/30491 - Third Party Advisory, VDB Entry
References () http://www.ubuntu.com/usn/usn-632-1 - Third Party Advisory () http://www.ubuntu.com/usn/usn-632-1 - Third Party Advisory
References () http://www.vmware.com/security/advisories/VMSA-2009-0016.html - Third Party Advisory () http://www.vmware.com/security/advisories/VMSA-2009-0016.html - Third Party Advisory
References () http://www.vupen.com/english/advisories/2008/2288 - Broken Link, Third Party Advisory () http://www.vupen.com/english/advisories/2008/2288 - Broken Link, Third Party Advisory
References () http://www.vupen.com/english/advisories/2009/3316 - Broken Link, Third Party Advisory () http://www.vupen.com/english/advisories/2009/3316 - Broken Link, Third Party Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/44172 - VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/44172 - VDB Entry
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/44173 - VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/44173 - VDB Entry
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8445 - Broken Link () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8445 - Broken Link
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8683 - Broken Link () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8683 - Broken Link
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9761 - Broken Link () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9761 - Broken Link

02 Aug 2023, 17:14

Type Values Removed Values Added
References (GENTOO) http://security.gentoo.org/glsa/glsa-200807-16.xml - (GENTOO) http://security.gentoo.org/glsa/glsa-200807-16.xml - Third Party Advisory
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2008:164 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2008:164 - Broken Link, Third Party Advisory
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/44172 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/44172 - VDB Entry
References (CONFIRM) http://www.vmware.com/security/advisories/VMSA-2009-0016.html - (CONFIRM) http://www.vmware.com/security/advisories/VMSA-2009-0016.html - Third Party Advisory
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8445 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8445 - Broken Link
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/44173 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/44173 - VDB Entry
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2008:163 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2008:163 - Broken Link, Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/31305 - (SECUNIA) http://secunia.com/advisories/31305 - Broken Link
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8683 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8683 - Broken Link
References (CONFIRM) http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900 - (CONFIRM) http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900 - Third Party Advisory
References (CONFIRM) http://bugs.gentoo.org/show_bug.cgi?id=230640 - (CONFIRM) http://bugs.gentoo.org/show_bug.cgi?id=230640 - Third Party Advisory
References (BID) http://www.securityfocus.com/bid/30491 - (BID) http://www.securityfocus.com/bid/30491 - Third Party Advisory, VDB Entry
References (VUPEN) http://www.vupen.com/english/advisories/2008/2288 - (VUPEN) http://www.vupen.com/english/advisories/2008/2288 - Broken Link, Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/33937 - (SECUNIA) http://secunia.com/advisories/33937 - Broken Link
References (MLIST) http://www.openwall.com/lists/oss-security/2008/11/05/2 - (MLIST) http://www.openwall.com/lists/oss-security/2008/11/05/2 - Mailing List
References (SECUNIA) http://secunia.com/advisories/37471 - (SECUNIA) http://secunia.com/advisories/37471 - Broken Link
References (SECUNIA) http://secunia.com/advisories/31332 - (SECUNIA) http://secunia.com/advisories/31332 - Broken Link
References (SLACKWARE) http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289 - (SLACKWARE) http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289 - Third Party Advisory
References (UBUNTU) http://www.ubuntu.com/usn/usn-632-1 - (UBUNTU) http://www.ubuntu.com/usn/usn-632-1 - Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2008/11/05/3 - (MLIST) http://www.openwall.com/lists/oss-security/2008/11/05/3 - Mailing List
References (APPLE) http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html - (APPLE) http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html - Mailing List
References (SECUNIA) http://secunia.com/advisories/31365 - (SECUNIA) http://secunia.com/advisories/31365 - Broken Link
References (SECUNIA) http://secunia.com/advisories/31518 - (SECUNIA) http://secunia.com/advisories/31518 - Broken Link
References (SECUNIA) http://secunia.com/advisories/38675 - (SECUNIA) http://secunia.com/advisories/38675 - Broken Link
References (CONFIRM) http://support.apple.com/kb/HT3438 - (CONFIRM) http://support.apple.com/kb/HT3438 - Third Party Advisory
References (BUGTRAQ) http://www.securityfocus.com/archive/1/507985/100/0/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/507985/100/0/threaded - Third Party Advisory, VDB Entry
References (SECUNIA) http://secunia.com/advisories/32793 - (SECUNIA) http://secunia.com/advisories/32793 - Broken Link
References (VUPEN) http://www.vupen.com/english/advisories/2009/3316 - (VUPEN) http://www.vupen.com/english/advisories/2009/3316 - Broken Link, Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html - Third Party Advisory
References (CONFIRM) http://support.avaya.com/css/P8/documents/100074697 - (CONFIRM) http://support.avaya.com/css/P8/documents/100074697 - Third Party Advisory
References (DEBIAN) http://www.debian.org/security/2008/dsa-1667 - (DEBIAN) http://www.debian.org/security/2008/dsa-1667 - Third Party Advisory
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9761 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9761 - Broken Link
References (SECUNIA) http://secunia.com/advisories/31687 - (SECUNIA) http://secunia.com/advisories/31687 - Broken Link
References (SECUNIA) http://secunia.com/advisories/31358 - (SECUNIA) http://secunia.com/advisories/31358 - Broken Link
CWE CWE-189 CWE-190
CPE cpe:2.3:a:python_software_foundation:python:2.4:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.1:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.3.7:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.5:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.3:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:1.6:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.2:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.0:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:python:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

Information

Published : 2008-08-01 14:41

Updated : 2024-11-21 00:46


NVD link : CVE-2008-2315

Mitre link : CVE-2008-2315

CVE.ORG link : CVE-2008-2315


JSON object : View

Products Affected

python

  • python
CWE
CWE-190

Integer Overflow or Wraparound