Lucene search

K
ubuntucveUbuntu.comUB:CVE-2008-5031
HistoryNov 10, 2008 - 12:00 a.m.

CVE-2008-5031

2008-11-1000:00:00
ubuntu.com
ubuntu.com
16

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.012 Low

EPSS

Percentile

84.6%

Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow
context-dependent attackers to have an unknown impact via a large integer
value in the tabsize argument to the expandtabs method, as implemented by
(1) the string_expandtabs function in Objects/stringobject.c and (2) the
unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this
vulnerability reportedly exists because of an incomplete fix for
CVE-2008-2315.

Bugs

Notes

Author Note
mdeslaur PoC: http://scary.beasts.org/security/CESA-2008-008.html
OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchpython2.4< 2.4.3-0ubuntu6.3UNKNOWN
ubuntu8.04noarchpython2.4< 2.4.5-1ubuntu4.2UNKNOWN
ubuntu8.10noarchpython2.4< 2.4.5-5ubuntu1.1UNKNOWN

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.012 Low

EPSS

Percentile

84.6%

Related for UB:CVE-2008-5031