CVE-2004-0150

Buffer overflow in the getaddrinfo function in Python 2.2 before 2.2.2, when IPv6 support is disabled, allows remote attackers to execute arbitrary code via an IPv6 address that is obtained using DNS.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.debian.org/security/2004/dsa-458	Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200409-03.xml	Third Party Advisory
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:019	Broken Link
http://www.osvdb.org/4172	Broken Link
http://www.securityfocus.com/bid/9836	Patch Third Party Advisory VDB Entry Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15409	VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2004-04-15 04:00

Updated : 2023-08-02 18:00

NVD link : CVE-2004-0150

Mitre link : CVE-2004-0150

CVE.ORG link : CVE-2004-0150

JSON object : View

Products Affected

python

python

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

{"id": "CVE-2004-0150", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2004-04-15T04:00:00.000", "references": [{"url": "http://www.debian.org/security/2004/dsa-458", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-03.xml", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:019", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/4172", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/9836", "tags": ["Patch", "Third Party Advisory", "VDB Entry", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15409", "tags": ["VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the getaddrinfo function in Python 2.2 before 2.2.2, when IPv6 support is disabled, allows remote attackers to execute arbitrary code via an IPv6 address that is obtained using DNS."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en getaddrinfo de Python 2.2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante una direcci\u00f3n IPv6 obtenida usando DNS."}], "lastModified": "2023-08-02T18:00:10.260", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F186F453-E521-487E-8ADA-1EC726045E7A", "versionEndExcluding": "2.2.2", "versionStartIncluding": "2.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}