7.5

CVE-2008-3142

Exploit

EPSS 1.65%
Published 01.08.2008 14:41:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro.

Affected products Warnungen 0 Metrics 2 CWE 1 References 37

Data is provided by the National Vulnerability Database (NVD)

Python ≫ Python Version < 2.4.6

Python ≫ Python Version >= 2.5.0 < 2.5.3

Canonical ≫ Ubuntu Linux Version6.06

Canonical ≫ Ubuntu Linux Version7.04

Canonical ≫ Ubuntu Linux Version7.10

Canonical ≫ Ubuntu Linux Version8.04 SwEdition-

Debian ≫ Debian Linux Version4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.65%	0.814

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/33937

Not Applicable

http://support.apple.com/kb/HT3438

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/31687

Not Applicable

http://secunia.com/advisories/37471

Not Applicable

http://www.securityfocus.com/archive/1/507985/100/0/threaded

Third Party Advisory

VDB Entry

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Third Party Advisory

http://www.vupen.com/english/advisories/2009/3316

Permissions Required

http://secunia.com/advisories/31358

Not Applicable

http://secunia.com/advisories/31365

Not Applicable

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289

Third Party Advisory

http://www.ubuntu.com/usn/usn-632-1

Third Party Advisory

http://secunia.com/advisories/31518

Not Applicable

http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2008:163

Broken Link

http://www.mandriva.com/security/advisories?name=MDVSA-2008:164

Broken Link

http://secunia.com/advisories/31305

Not Applicable

http://secunia.com/advisories/31332

Not Applicable

http://secunia.com/advisories/32793

Not Applicable

http://security.gentoo.org/glsa/glsa-200807-16.xml

Third Party Advisory

http://www.debian.org/security/2008/dsa-1667

Third Party Advisory

http://www.securityfocus.com/bid/30491

Third Party Advisory

VDB Entry

http://www.vupen.com/english/advisories/2008/2288

Permissions Required

https://exchange.xforce.ibmcloud.com/vulnerabilities/44173

Third Party Advisory

VDB Entry

http://secunia.com/advisories/31473

Not Applicable

http://wiki.rpath.com/Advisories:rPSA-2008-0243

Broken Link

http://www.securityfocus.com/archive/1/495445/100/0/threaded

Third Party Advisory

VDB Entry

http://bugs.gentoo.org/show_bug.cgi?id=232137

Third Party Advisory

Issue Tracking

http://bugs.python.org/file10825/issue2620-gps02-patch.txt

Third Party Advisory

Exploit

Issue Tracking

http://bugs.python.org/issue2620

Third Party Advisory

Issue Tracking

https://exchange.xforce.ibmcloud.com/vulnerabilities/44170

Third Party Advisory

VDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11466

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8422

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2008-3142

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3142

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3142

EUVD