Veracode Vulnerability DatabaseVERACODE:23743Arbitrary Code Execution
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
python is vulnerable to arbitrary code execution. Multiple buffer and integer overflow flaws were found in the Python Unicode string processing and in the Python Unicode and string object implementations. An attacker could use these flaws to cause a denial of service (Python application crash).
| CPE | Name | Operator | Version |
|---|---|---|---|
| python | eq | 2.3.4__14.4.el4_6.1 | |
| python | eq | 2.4.3__21.el5 | |
| python | eq | 2.4.3__19.el5 | |
| python | eq | 2.3.4__14.4.el4_6.1 | |
| python | eq | 2.4.3__21.el5 | |
| python | eq | 2.4.3__19.el5 |
References
bugs.gentoo.org/show_bug.cgi?id=232137
bugs.python.org/file10825/issue2620-gps02-patch.txt
bugs.python.org/issue2620
lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
secunia.com/advisories/31305
secunia.com/advisories/31332
secunia.com/advisories/31358
secunia.com/advisories/31365
secunia.com/advisories/31473
secunia.com/advisories/31518
secunia.com/advisories/31687
secunia.com/advisories/32793
secunia.com/advisories/33937
secunia.com/advisories/37471
security.gentoo.org/glsa/glsa-200807-16.xml
slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289
support.apple.com/kb/HT3438
wiki.rpath.com/Advisories:rPSA-2008-0243
www.debian.org/security/2008/dsa-1667
www.mandriva.com/security/advisories?name=MDVSA-2008:163
www.mandriva.com/security/advisories?name=MDVSA-2008:164
www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900
www.redhat.com/security/updates/classification/#moderate
www.securityfocus.com/archive/1/495445/100/0/threaded
www.securityfocus.com/archive/1/507985/100/0/threaded
www.securityfocus.com/bid/30491
www.ubuntu.com/usn/usn-632-1
www.vmware.com/security/advisories/VMSA-2009-0016.html
www.vupen.com/english/advisories/2008/2288
www.vupen.com/english/advisories/2009/3316
access.redhat.com/errata/RHSA-2009:1176
exchange.xforce.ibmcloud.com/vulnerabilities/44170
exchange.xforce.ibmcloud.com/vulnerabilities/44173
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11466
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8422
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P