Denial Of Service (DoS)

2020-04-1000:35:09

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Python is vulnerable to Denial Of Service (DoS). Multiple buffer and integer overflow flaws were found in the Python Unicode string processing and in the Python Unicode and string object implementations. An attacker could use these flaws to cause a denial of service (Python application crash).

CPENameOperatorVersion
pythoneq2.3.4__14.4.el4_6.1
pythoneq2.4.3__21.el5
pythoneq2.4.3__19.el5
pythoneq2.3.4__14.4.el4_6.1
pythoneq2.4.3__21.el5
pythoneq2.4.3__19.el5

Name	Operator	Version
python	eq	2.3.4__14.4.el4_6.1
python	eq	2.4.3__21.el5
python	eq	2.4.3__19.el5
python	eq	2.3.4__14.4.el4_6.1
python	eq	2.4.3__21.el5
python	eq	2.4.3__19.el5

References

lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

scary.beasts.org/security/CESA-2008-008.html

secunia.com/advisories/33937

secunia.com/advisories/35750

secunia.com/advisories/37471

security.gentoo.org/glsa/glsa-200907-16.xml

support.apple.com/kb/HT3438

svn.python.org/view/python/trunk/Objects/stringobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/stringobject.c&p2=/python/trunk/Objects/stringobject.c

svn.python.org/view/python/trunk/Objects/unicodeobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/unicodeobject.c&p2=/python/trunk/Objects/unicodeobject.c

svn.python.org/view?rev=61350&view=rev

www.openwall.com/lists/oss-security/2008/11/05/2

www.openwall.com/lists/oss-security/2008/11/05/3

www.redhat.com/security/updates/classification/#moderate

www.securityfocus.com/archive/1/507985/100/0/threaded

www.vmware.com/security/advisories/VMSA-2009-0016.html

www.vupen.com/english/advisories/2009/3316

access.redhat.com/errata/RHSA-2009:1176

exchange.xforce.ibmcloud.com/vulnerabilities/46612

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11280

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8564