Published: 10/11/2008 Updated: 25/10/2019

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 891

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Multiple integer overflows in Python 2.2.3 up to and including 2.5.1, and 2.6, allow context-dependent malicious users to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.

Vulnerable Product	Search on Vulmon	Subscribe to Product
python python 2.4.6
python python 2.5.1
python python 2.2.3
python python 2.3.7

It was discovered that Python incorrectly handled certain arguments in the imageop module If an attacker were able to pass specially crafted arguments through the crop function, they could execute arbitrary code with user privileges For Python 25, this issue only affected Ubuntu 804 LTS (CVE-2008-4864) ...

Synopsis Moderate: python security update Type/Severity Security Advisory: Moderate Topic Updated python packages that fix multiple security issues are now availablefor Red Hat Enterprise Linux 4This update has been rated as having moderate security impact by the RedHat Security Response Team Des ...

Synopsis Moderate: python security update Type/Severity Security Advisory: Moderate Topic Updated python packages that fix multiple security issues are now availablefor Red Hat Enterprise Linux 3This update has been rated as having moderate security impact by the RedHat Security Response Team Des ...

Synopsis Moderate: python security update Type/Severity Security Advisory: Moderate Topic Updated python packages that fix multiple security issues are now availablefor Red Hat Enterprise Linux 5This update has been rated as having moderate security impact by the RedHat Security Response Team Des ...

CWE-189 http://svn.python.org/view?rev=61350&view=rev http://www.openwall.com/lists/oss-security/2008/11/05/3 http://svn.python.org/view/python/trunk/Objects/stringobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/stringobject.c&p2=/python/trunk/Objects/stringobject.c http://svn.python.org/view/python/trunk/Objects/unicodeobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/unicodeobject.c&p2=/python/trunk/Objects/unicodeobject.c http://www.openwall.com/lists/oss-security/2008/11/05/2 http://scary.beasts.org/security/CESA-2008-008.html http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://secunia.com/advisories/33937 http://security.gentoo.org/glsa/glsa-200907-16.xml http://secunia.com/advisories/35750 http://support.apple.com/kb/HT3438 http://secunia.com/advisories/37471 http://www.vmware.com/security/advisories/VMSA-2009-0016.html http://www.vupen.com/english/advisories/2009/3316 https://exchange.xforce.ibmcloud.com/vulnerabilities/46612 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8564 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11280 http://www.securityfocus.com/archive/1/507985/100/0/threaded https://nvd.nist.gov https://usn.ubuntu.com/806-1/

CVE-2008-5031

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect