Lucene search

K
seebugRootSSV:60622
HistoryFeb 03, 2013 - 12:00 a.m.

Python 'expandtabs'多个整数溢出漏洞

2013-02-0300:00:00
Root
www.seebug.org
16

0.012 Low

EPSS

Percentile

83.3%

Bugtraq ID:33187
CVE ID: CVE-2008-5031

Python是一款开放源代码的脚本编程语言。
Python存在多个整数溢出,允许上下文独立的攻击者向expandtabs方法提交包含超大整数值的tabsize参数触发。其中Objects/stringobject.c中的string_expandtabs函数和Objects/unicodeobject.c中的unicode_expandtabs函数实现受此漏洞影响。
0
Python 2.2.3 - 2.5.1
Python 2.6
厂商解决方案

用户可参考如下厂商提供的安全公告获得补丁信息:
http://svn.python.org/view/python/trunk/Objects/unicodeobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/unicodeobject.c&p2=/python/trunk/Objects/unicodeobject.c
http://svn.python.org/view/python/trunk/Objects/stringobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/stringobject.c&p2=/python/trunk/Objects/stringobject.c