CVE-2008-2315

HIGH

Description

Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.

References

http://bugs.gentoo.org/attachment.cgi?id=159418&action=view

http://bugs.gentoo.org/show_bug.cgi?id=230640

http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

http://secunia.com/advisories/31305

http://secunia.com/advisories/31332

http://secunia.com/advisories/31358

http://secunia.com/advisories/31365

http://secunia.com/advisories/31518

http://secunia.com/advisories/31687

http://secunia.com/advisories/32793

http://secunia.com/advisories/33937

http://secunia.com/advisories/37471

http://secunia.com/advisories/38675

http://security.gentoo.org/glsa/glsa-200807-16.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289

http://support.apple.com/kb/HT3438

http://support.avaya.com/css/P8/documents/100074697

http://www.debian.org/security/2008/dsa-1667

http://www.mandriva.com/security/advisories?name=MDVSA-2008:163

http://www.mandriva.com/security/advisories?name=MDVSA-2008:164

http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900

http://www.openwall.com/lists/oss-security/2008/11/05/2

http://www.openwall.com/lists/oss-security/2008/11/05/3

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.securityfocus.com/bid/30491

http://www.ubuntu.com/usn/usn-632-1

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://www.vupen.com/english/advisories/2008/2288

http://www.vupen.com/english/advisories/2009/3316

https://exchange.xforce.ibmcloud.com/vulnerabilities/44172

https://exchange.xforce.ibmcloud.com/vulnerabilities/44173

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8445

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8683

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9761

Details

Source: MITRE

Published: 2008-08-01

Updated: 2018-10-11

Type: CWE-189

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH