CVE-2008-5031

high

Description

Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.

References

http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

http://scary.beasts.org/security/CESA-2008-008.html

http://secunia.com/advisories/33937

http://secunia.com/advisories/35750

http://secunia.com/advisories/37471

http://security.gentoo.org/glsa/glsa-200907-16.xml

http://support.apple.com/kb/HT3438

http://svn.python.org/view/python/trunk/Objects/stringobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/stringobject.c&p2=/python/trunk/Objects/stringobject.c

http://svn.python.org/view/python/trunk/Objects/unicodeobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/unicodeobject.c&p2=/python/trunk/Objects/unicodeobject.c

http://svn.python.org/view?rev=61350&view=rev

http://www.openwall.com/lists/oss-security/2008/11/05/2

http://www.openwall.com/lists/oss-security/2008/11/05/3

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://www.vupen.com/english/advisories/2009/3316

https://exchange.xforce.ibmcloud.com/vulnerabilities/46612

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11280

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8564

Details

Source: MITRE

Published: 2008-11-10

Updated: 2019-10-25

Type: CWE-189

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 89117 | VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check) | Nessus | Misc. | critical |
| 67898 | Oracle Linux 3 : python (ELSA-2009-1178) | Nessus | Oracle Linux Local Security Checks | critical |
| 67897 | Oracle Linux 4 : python (ELSA-2009-1177) | Nessus | Oracle Linux Local Security Checks | critical |
| 67896 | Oracle Linux 5 : python (ELSA-2009-1176) | Nessus | Oracle Linux Local Security Checks | critical |
| 60625 | Scientific Linux Security Update : python for SL 4.x on i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
| 60624 | Scientific Linux Security Update : python for SL 3.0.x on i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
| 60622 | Scientific Linux Security Update : python for SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
| 43771 | CentOS 5 : python (CESA-2009:1176) | Nessus | CentOS Local Security Checks | critical |
| 42870 | VMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components. | Nessus | VMware ESX Local Security Checks | medium |
| 41581 | SuSE 10 Security Update : Python (ZYPP Patch Number 5837) | Nessus | SuSE Local Security Checks | critical |
| 41260 | SuSE9 Security Update : Python (YOU Patch Number 12316) | Nessus | SuSE Local Security Checks | critical |
| 40402 | RHEL 3 : python (RHSA-2009:1178) | Nessus | Red Hat Local Security Checks | critical |
| 40401 | RHEL 4 : python (RHSA-2009:1177) | Nessus | Red Hat Local Security Checks | critical |
| 40400 | RHEL 5 : python (RHSA-2009:1176) | Nessus | Red Hat Local Security Checks | critical |
| 40394 | CentOS 3 : python (CESA-2009:1178) | Nessus | CentOS Local Security Checks | critical |
| 40361 | Ubuntu 6.06 LTS / 8.04 LTS / 8.10 : python2.4, python2.5 vulnerabilities (USN-806-1) | Nessus | Ubuntu Local Security Checks | critical |
| 39870 | GLSA-200907-16 : Python: Integer overflows | Nessus | Gentoo Local Security Checks | critical |
| 36693 | Mandriva Linux Security Advisory : python (MDVSA-2009:003) | Nessus | Mandriva Local Security Checks | critical |
| 35684 | Mac OS X Multiple Vulnerabilities (Security Update 2009-001) | Nessus | MacOS X Local Security Checks | critical |
| 33807 | Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : python2.4, python2.5 vulnerabilities (USN-632-1) | Nessus | Ubuntu Local Security Checks | critical |