CVE-2008-1887

2008-04-18T17:05:00
ID CVE-2008-1887
Type cve
Reporter cve@mitre.org
Modified 2018-10-11T20:37:00

Description

Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow.