Lucene search

[email protected]CVE-2008-2315

HistoryAug 01, 2008 - 2:41 p.m.

CVE-2008-2315

2008-08-0114:41:00

CWE-190

[email protected]

web.nvd.nist.gov

cve-2008-2315

integer overflows

python

security vulnerability

nvd

4.3 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.4%

JSON

Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.

CPENameOperatorVersion
python:pythonpythonle2.5.2

CPE	Name	Operator	Version
python:python	python	le	2.5.2

References

bugs.gentoo.org/attachment.cgi?id=159418&action=view

bugs.gentoo.org/show_bug.cgi?id=230640

lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

secunia.com/advisories/31305

secunia.com/advisories/31332

secunia.com/advisories/31358

secunia.com/advisories/31365

secunia.com/advisories/31518

secunia.com/advisories/31687

secunia.com/advisories/32793

secunia.com/advisories/33937

secunia.com/advisories/37471

secunia.com/advisories/38675

security.gentoo.org/glsa/glsa-200807-16.xml

slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289

support.apple.com/kb/HT3438

support.avaya.com/css/P8/documents/100074697

www.debian.org/security/2008/dsa-1667

www.mandriva.com/security/advisories?name=MDVSA-2008:163

www.mandriva.com/security/advisories?name=MDVSA-2008:164

www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900

www.openwall.com/lists/oss-security/2008/11/05/2

www.openwall.com/lists/oss-security/2008/11/05/3

www.securityfocus.com/archive/1/507985/100/0/threaded

www.securityfocus.com/bid/30491

www.ubuntu.com/usn/usn-632-1

www.vmware.com/security/advisories/VMSA-2009-0016.html

www.vupen.com/english/advisories/2008/2288

www.vupen.com/english/advisories/2009/3316

exchange.xforce.ibmcloud.com/vulnerabilities/44172

exchange.xforce.ibmcloud.com/vulnerabilities/44173

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8445

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8683

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9761

4.3 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.4%

JSON

Related for CVE-2008-2315

prion2 ubuntucve2 cve1 veracode2 nessus30 openvas58 osv1 debian1 freebsd1 oraclelinux3 centos2 redhat3 seebug3 securityvulns2 gentoo2 slackware1 ubuntu2 vmware2