7.5

CVE-2008-3142

Exploit
Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PythonPython Version < 2.4.6
PythonPython Version >= 2.5.0 < 2.5.3
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version7.04
CanonicalUbuntu Linux Version7.10
CanonicalUbuntu Linux Version8.04 SwEdition-
DebianDebian Linux Version4.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.49% 0.903
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/33937
Not Applicable
http://support.apple.com/kb/HT3438
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/31687
Not Applicable
http://secunia.com/advisories/37471
Not Applicable
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Third Party Advisory
VDB Entry
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
Third Party Advisory
http://www.vupen.com/english/advisories/2009/3316
Permissions Required
http://secunia.com/advisories/31358
Not Applicable
http://secunia.com/advisories/31365
Not Applicable
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289
Third Party Advisory
http://www.ubuntu.com/usn/usn-632-1
Third Party Advisory
http://secunia.com/advisories/31518
Not Applicable
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:163
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2008:164
Broken Link
http://secunia.com/advisories/31305
Not Applicable
http://secunia.com/advisories/31332
Not Applicable
http://secunia.com/advisories/32793
Not Applicable
http://security.gentoo.org/glsa/glsa-200807-16.xml
Third Party Advisory
http://www.debian.org/security/2008/dsa-1667
Third Party Advisory
http://www.securityfocus.com/bid/30491
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2008/2288
Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/44173
Third Party Advisory
VDB Entry
http://secunia.com/advisories/31473
Not Applicable
http://wiki.rpath.com/Advisories:rPSA-2008-0243
Broken Link
http://www.securityfocus.com/archive/1/495445/100/0/threaded
Third Party Advisory
VDB Entry
http://bugs.gentoo.org/show_bug.cgi?id=232137
Third Party Advisory
Issue Tracking
http://bugs.python.org/file10825/issue2620-gps02-patch.txt
Third Party Advisory
Exploit
Issue Tracking
http://bugs.python.org/issue2620
Third Party Advisory
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/44170
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11466
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8422
Third Party Advisory