10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.012 Low
EPSS
Percentile
84.6%
Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow
context-dependent attackers to have an unknown impact via a large integer
value in the tabsize argument to the expandtabs method, as implemented by
(1) the string_expandtabs function in Objects/stringobject.c and (2) the
unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this
vulnerability reportedly exists because of an incomplete fix for
CVE-2008-2315.
Author | Note |
---|---|
mdeslaur | PoC: http://scary.beasts.org/security/CESA-2008-008.html |