Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2007-2052

Published: 16/04/2007 Updated: 02/08/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Python

Vulnerability Summary

Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent malicious users to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.

Vulnerable Product Search on Vulmon Subscribe to Product

python python 2.4.0

python python 2.5.0

Vendor Advisories

Red Hat: Moderate: python security update
Synopsis Moderate: python security update Type/Severity Security Advisory: Moderate Topic Updated python packages that fix multiple security issues are now availablefor Red Hat Enterprise Linux 5This update has been rated as having moderate security impact by the RedHat Security Response Team Des ...
Ubuntu Security Notice: python2.4⁄2.5 vulnerabilities
Piotr Engelking discovered that strxfrm in Python was not correctly calculating the size of the destination buffer This could lead to small information leaks, which might be used by attackers to gain additional knowledge about the state of a running Python script (CVE-2007-2052) ...
Debian Security Advisories: DSA-1620-1 python2.5 -- several vulnerabilities
Several vulnerabilities have been discovered in the interpreter for the Python language The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-2052 Piotr Engelking discovered that the strxfrm() function of the locale module miscalculates the length of an internal buffer, which may result in a mino ...

Exploits

Exploit DB: Python 2.5 - 'PyLocale_strxfrm' Remote Information Leak
source: wwwsecurityfocuscom/bid/23887/info Python applications that use the 'PyLocale_strxfrm' function are prone to an information leak Exploiting this issue allows remote attackers to read portions of memory Python 244-2 and 25 are confirmed vulnerable #!/usr/bin/python import locale print localesetlocale(localeLC_COLLATE, ...

References

CWE-193http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093http://www.python.org/download/releases/2.5.1/NEWS.txthttp://www.securityfocus.com/bid/23887http://secunia.com/advisories/25190http://secunia.com/advisories/25217https://issues.rpath.com/browse/RPL-1358http://secunia.com/advisories/25233http://www.mandriva.com/security/advisories?name=MDKSA-2007:099http://www.redhat.com/support/errata/RHSA-2007-1076.htmlhttp://www.redhat.com/support/errata/RHSA-2007-1077.htmlhttp://www.novell.com/linux/security/advisories/2007_13_sr.htmlhttp://www.trustix.org/errata/2007/0019/http://secunia.com/advisories/25353http://secunia.com/advisories/25787http://secunia.com/advisories/28027http://secunia.com/advisories/28050http://lists.vmware.com/pipermail/security-announce/2008/000005.htmlhttp://secunia.com/advisories/29032http://www.ubuntu.com/usn/usn-585-1http://secunia.com/advisories/29303http://www.debian.org/security/2008/dsa-1551http://secunia.com/advisories/29889http://www.debian.org/security/2008/dsa-1620http://secunia.com/advisories/31255http://www.redhat.com/support/errata/RHSA-2008-0629.htmlhttp://secunia.com/advisories/31492http://www.vmware.com/security/advisories/VMSA-2009-0016.htmlhttp://www.vupen.com/english/advisories/2009/3316http://secunia.com/advisories/37471http://www.vupen.com/english/advisories/2007/1465http://www.vupen.com/english/advisories/2008/0637https://exchange.xforce.ibmcloud.com/vulnerabilities/34060https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8353https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11716http://www.securityfocus.com/archive/1/507985/100/0/threadedhttp://www.securityfocus.com/archive/1/488457/100/0/threadedhttp://www.securityfocus.com/archive/1/469294/30/6450/threadedhttps://access.redhat.com/errata/RHSA-2009:1176https://usn.ubuntu.com/585-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/30018/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
XXECVE-2024-34490SQL injectionCVE-2024-34488CVE-2024-4507CVE-2023-7028CVE-2024-23187TCPCVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook