7.5

CVE-2008-3143

Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PythonPython Version < 2.5.12
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.67% 0.882
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
Third Party Advisory
http://secunia.com/advisories/31687
Broken Link
http://secunia.com/advisories/37471
Broken Link
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Third Party Advisory
VDB Entry
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
Third Party Advisory
http://www.vupen.com/english/advisories/2009/3316
Third Party Advisory
Broken Link
http://secunia.com/advisories/31365
Broken Link
http://www.ubuntu.com/usn/usn-632-1
Third Party Advisory
http://secunia.com/advisories/31518
Broken Link
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:163
Third Party Advisory
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2008:164
Third Party Advisory
Broken Link
http://secunia.com/advisories/31332
Broken Link
http://secunia.com/advisories/32793
Broken Link
http://security.gentoo.org/glsa/glsa-200807-16.xml
Broken Link
http://www.debian.org/security/2008/dsa-1667
Third Party Advisory
http://www.securityfocus.com/bid/30491
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2008/2288
Third Party Advisory
Broken Link
http://secunia.com/advisories/31473
Broken Link
http://wiki.rpath.com/Advisories:rPSA-2008-0243
Third Party Advisory
http://www.securityfocus.com/archive/1/495445/100/0/threaded
Third Party Advisory
VDB Entry
http://bugs.gentoo.org/show_bug.cgi?id=232137
Third Party Advisory
http://svn.python.org/view?rev=60793&view=rev
Vendor Advisory
http://www.python.org/download/releases/2.5.2/NEWS.txt
Vendor Advisory
http://www.python.org/download/releases/2.6/NEWS.txt
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7720
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8996
Broken Link