7.5
CVE-2008-3142
- EPSS 4.49%
- Veröffentlicht 01.08.2008 14:41:00
- Zuletzt bearbeitet 16.06.2026 22:55:13
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux Version6.06
Canonical ≫ Ubuntu Linux Version7.04
Canonical ≫ Ubuntu Linux Version7.10
Canonical ≫ Ubuntu Linux Version8.04 SwEdition-
Debian ≫ Debian Linux Version4.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.49% | 0.903 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://secunia.com/advisories/33937
http://support.apple.com/kb/HT3438
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://secunia.com/advisories/31687
http://secunia.com/advisories/37471
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/3316
http://secunia.com/advisories/31358
http://secunia.com/advisories/31365
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289
http://www.ubuntu.com/usn/usn-632-1
http://secunia.com/advisories/31518
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900
http://www.mandriva.com/security/advisories?name=MDVSA-2008:163
http://www.mandriva.com/security/advisories?name=MDVSA-2008:164
http://secunia.com/advisories/31305
http://secunia.com/advisories/31332
http://secunia.com/advisories/32793
http://security.gentoo.org/glsa/glsa-200807-16.xml
http://www.debian.org/security/2008/dsa-1667
http://www.securityfocus.com/bid/30491
http://www.vupen.com/english/advisories/2008/2288
https://exchange.xforce.ibmcloud.com/vulnerabilities/44173
http://secunia.com/advisories/31473
http://wiki.rpath.com/Advisories:rPSA-2008-0243
http://www.securityfocus.com/archive/1/495445/100/0/threaded
http://bugs.gentoo.org/show_bug.cgi?id=232137
http://bugs.python.org/file10825/issue2620-gps02-patch.txt
http://bugs.python.org/issue2620
https://exchange.xforce.ibmcloud.com/vulnerabilities/44170
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11466
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8422