CVE-2008-2316

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to "partial hashlib hashing of data exceeding 4GB."

References

http://bugs.gentoo.org/attachment.cgi?id=159422&action=view

http://bugs.gentoo.org/show_bug.cgi?id=230640

http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

http://secunia.com/advisories/31305

http://secunia.com/advisories/31332

http://secunia.com/advisories/31358

http://secunia.com/advisories/31365

http://secunia.com/advisories/31473

http://secunia.com/advisories/31518

http://secunia.com/advisories/31687

http://secunia.com/advisories/33937

http://security.gentoo.org/glsa/glsa-200807-16.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289

http://support.apple.com/kb/HT3438

http://wiki.rpath.com/Advisories:rPSA-2008-0243

http://www.mandriva.com/security/advisories?name=MDVSA-2008:163

http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900

http://www.securityfocus.com/archive/1/495445/100/0/threaded

http://www.securityfocus.com/bid/30491

http://www.ubuntu.com/usn/usn-632-1

http://www.vupen.com/english/advisories/2008/2288

https://exchange.xforce.ibmcloud.com/vulnerabilities/44173

https://exchange.xforce.ibmcloud.com/vulnerabilities/44174

Details

Source: MITRE

Published: 2008-08-01

Updated: 2018-10-11

Type: CWE-189

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (13 total)

IDNameProductFamilySeverity
133259SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:0234-1) (BEAST) (httpoxy)NessusSuSE Local Security Checks
critical
127154NewStart CGSL MAIN 5.04 : python Multiple Vulnerabilities (NS-SA-2019-0008)NessusNewStart CGSL Local Security Checks
high
44841Debian DSA-1977-1 : python2.4 python2.5 - several vulnerabilitiesNessusDebian Local Security Checks
high
41229SuSE9 Security Update : Python (YOU Patch Number 12215)NessusSuSE Local Security Checks
high
40115openSUSE Security Update : python (python-128)NessusSuSE Local Security Checks
high
37212Mandriva Linux Security Advisory : python (MDVSA-2008:163)NessusMandriva Local Security Checks
critical
35684Mac OS X Multiple Vulnerabilities (Security Update 2009-001)NessusMacOS X Local Security Checks
critical
34164FreeBSD : python -- multiple vulnerabilities (0dccaa28-7f3c-11dd-8de5-0030843d3802)NessusFreeBSD Local Security Checks
high
33924openSUSE 10 Security Update : python (python-5491)NessusSuSE Local Security Checks
high
33923SuSE 10 Security Update : Python (ZYPP Patch Number 5490)NessusSuSE Local Security Checks
high
33824Slackware 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / current : python (SSA:2008-217-01)NessusSlackware Local Security Checks
high
33807Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : python2.4, python2.5 vulnerabilities (USN-632-1)NessusUbuntu Local Security Checks
critical
33782GLSA-200807-16 : Python: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high