Lucene search

[email protected]NVD:CVE-2007-2052

HistoryApr 16, 2007 - 10:19 p.m.

CVE-2007-2052

2007-04-1622:19:00

CWE-193

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

7.6

Confidence

High

EPSS

0.039

Percentile

92.2%

JSON

Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.

Affected configurations

Nvd

Node

pythonpythonMatch2.4.0

pythonpythonMatch2.5.0

VendorProductVersionCPE
pythonpython2.4.0cpe:2.3:a:python:python:2.4.0:*:*:*:*:*:*:*
pythonpython2.5.0cpe:2.3:a:python:python:2.5.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
python	python	2.4.0	cpe:2.3:a:python:python:2.4.0:::::::*
python	python	2.5.0	cpe:2.3:a:python:python:2.5.0:::::::*

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934

lists.vmware.com/pipermail/security-announce/2008/000005.html

secunia.com/advisories/25190

secunia.com/advisories/25217

secunia.com/advisories/25233

secunia.com/advisories/25353

secunia.com/advisories/25787

secunia.com/advisories/28027

secunia.com/advisories/28050

secunia.com/advisories/29032

secunia.com/advisories/29303

secunia.com/advisories/29889

secunia.com/advisories/31255

secunia.com/advisories/31492

secunia.com/advisories/37471

www.debian.org/security/2008/dsa-1551

www.debian.org/security/2008/dsa-1620

www.mandriva.com/security/advisories?name=MDKSA-2007:099

www.novell.com/linux/security/advisories/2007_13_sr.html

www.python.org/download/releases/2.5.1/NEWS.txt

www.redhat.com/support/errata/RHSA-2007-1076.html

www.redhat.com/support/errata/RHSA-2007-1077.html

www.redhat.com/support/errata/RHSA-2008-0629.html

www.securityfocus.com/archive/1/469294/30/6450/threaded

www.securityfocus.com/archive/1/488457/100/0/threaded

www.securityfocus.com/archive/1/507985/100/0/threaded

www.securityfocus.com/bid/23887

www.trustix.org/errata/2007/0019/

www.ubuntu.com/usn/usn-585-1

www.vmware.com/security/advisories/VMSA-2009-0016.html

www.vupen.com/english/advisories/2007/1465

www.vupen.com/english/advisories/2008/0637

www.vupen.com/english/advisories/2009/3316

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093

exchange.xforce.ibmcloud.com/vulnerabilities/34060

issues.rpath.com/browse/RPL-1358

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11716

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8353

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

7.6

Confidence

High

EPSS

0.039

Percentile

92.2%

JSON

Related for NVD:CVE-2007-2052

openvas28 securityvulns1 prion1 nessus23 ubuntucve1 exploitdb1 cvelist1 seebug1 veracode1 cve1 ubuntu1 redhat6 centos3 oraclelinux2 osv2 vmware4 debian2