[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-2315Date: (C)2008-08-01   (M)2024-03-26


Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
http://www.securityfocus.com/archive/1/507985/100/0/threaded
BID-30491
SECUNIA-31305
SECUNIA-31332
SECUNIA-31358
SECUNIA-31365
SECUNIA-31518
SECUNIA-31687
SECUNIA-32793
SECUNIA-33937
SECUNIA-37471
SECUNIA-38675
ADV-2008-2288
ADV-2009-3316
APPLE-SA-2009-02-12
DSA-1667
GLSA-200807-16
MDVSA-2008:163
MDVSA-2008:164
SSA:2008-217-01
SUSE-SR:2008:017
USN-632-1
http://www.openwall.com/lists/oss-security/2008/11/05/2
http://www.openwall.com/lists/oss-security/2008/11/05/3
http://bugs.gentoo.org/attachment.cgi?id=159418&action=view
http://bugs.gentoo.org/show_bug.cgi?id=230640
http://support.apple.com/kb/HT3438
http://support.avaya.com/css/P8/documents/100074697
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
oval:org.mitre.oval:def:8445
oval:org.mitre.oval:def:8683
oval:org.mitre.oval:def:9761
python-modules-bo(44172)
python-multiple-bo(44173)

CWE    1
CWE-190
OVAL    11
oval:org.secpod.oval:def:17184
oval:org.secpod.oval:def:202194
oval:org.secpod.oval:def:202139
oval:org.secpod.oval:def:200633
...

© SecPod Technologies