CVE-2008-2315

Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://bugs.gentoo.org/attachment.cgi?id=159418&action=view	Exploit
http://bugs.gentoo.org/show_bug.cgi?id=230640	Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html	Mailing List
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html	Third Party Advisory
http://secunia.com/advisories/31305	Broken Link
http://secunia.com/advisories/31332	Broken Link
http://secunia.com/advisories/31358	Broken Link
http://secunia.com/advisories/31365	Broken Link
http://secunia.com/advisories/31518	Broken Link
http://secunia.com/advisories/31687	Broken Link
http://secunia.com/advisories/32793	Broken Link
http://secunia.com/advisories/33937	Broken Link
http://secunia.com/advisories/37471	Broken Link
http://secunia.com/advisories/38675	Broken Link
http://security.gentoo.org/glsa/glsa-200807-16.xml	Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289	Third Party Advisory
http://support.apple.com/kb/HT3438	Third Party Advisory
http://support.avaya.com/css/P8/documents/100074697	Third Party Advisory
http://www.debian.org/security/2008/dsa-1667	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:163	Broken Link Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:164	Broken Link Third Party Advisory
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900	Third Party Advisory
http://www.openwall.com/lists/oss-security/2008/11/05/2	Mailing List
http://www.openwall.com/lists/oss-security/2008/11/05/3	Mailing List
http://www.securityfocus.com/archive/1/507985/100/0/threaded	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/30491	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-632-1	Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2009-0016.html	Third Party Advisory
http://www.vupen.com/english/advisories/2008/2288	Broken Link Third Party Advisory
http://www.vupen.com/english/advisories/2009/3316	Broken Link Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/44172	VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/44173	VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8445	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8683	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9761	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-08-01 14:41

Updated : 2023-08-02 17:14

NVD link : CVE-2008-2315

Mitre link : CVE-2008-2315

CVE.ORG link : CVE-2008-2315

JSON object : View

Products Affected

python

python

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2008-2315", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-08-01T14:41:00.000", "references": [{"url": "http://bugs.gentoo.org/attachment.cgi?id=159418&action=view", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://bugs.gentoo.org/show_bug.cgi?id=230640", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html", "tags": ["Mailing List"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31305", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31332", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31358", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31365", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31518", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31687", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/32793", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/33937", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/37471", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/38675", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-200807-16.xml", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://support.apple.com/kb/HT3438", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://support.avaya.com/css/P8/documents/100074697", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2008/dsa-1667", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:163", "tags": ["Broken Link", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:164", "tags": ["Broken Link", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2008/11/05/2", "tags": ["Mailing List"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2008/11/05/3", "tags": ["Mailing List"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/30491", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/usn-632-1", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/2288", "tags": ["Broken Link", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/3316", "tags": ["Broken Link", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44172", "tags": ["VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44173", "tags": ["VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8445", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8683", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9761", "tags": ["Broken Link"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de enteros en Python 2.5.2 y anteriores. Permite a atacantes dependientes de contexto a tener un impacto desconocido a trav\u00e9s de vectores relacionados con el (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, y los m\u00f3dulos (6) stropmodule, (7) gcmodule, and (8) mmapmodule."}], "lastModified": "2023-08-02T17:14:55.200", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E0806D1-04EA-492A-8587-1886F47ECC80", "versionEndIncluding": "2.5.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.5 /10