CVE-2008-2315

critical

Description

Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/44173

https://exchange.xforce.ibmcloud.com/vulnerabilities/44172

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://www.ubuntu.com/usn/usn-632-1

http://www.securityfocus.com/bid/30491

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.openwall.com/lists/oss-security/2008/11/05/3

http://www.openwall.com/lists/oss-security/2008/11/05/2

http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900

http://www.debian.org/security/2008/dsa-1667

http://support.avaya.com/css/P8/documents/100074697

http://support.apple.com/kb/HT3438

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289

http://security.gentoo.org/glsa/glsa-200807-16.xml

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

http://bugs.gentoo.org/show_bug.cgi?id=230640

Details

Source: Mitre, NVD

Published: 2008-08-01

Updated: 2023-08-02

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical