SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2008-1721

Date: (C)2008-04-10 (M)2024-04-19

Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Reference:

SECTRACK-1019823

http://www.securityfocus.com/archive/1/archive/1/490690/100/0/threaded

http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded

APPLE-SA-2009-02-12

SSA:2008-217-01

http://bugs.python.org/issue2586

http://support.apple.com/kb/HT3438

http://support.avaya.com/css/P8/documents/100074697

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0149

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

https://issues.rpath.com/browse/RPL-2444

oval:org.mitre.oval:def:8249

oval:org.mitre.oval:def:8494

oval:org.mitre.oval:def:9407

zlib-pystringfromstringandsize-bo(41748)

oval:org.secpod.oval:def:500551
oval:org.secpod.oval:def:89050320
oval:org.mitre.oval:def:7981
oval:org.secpod.oval:def:500535
...

© SecPod Technologies