CVE-2008-2316

{"id": "CVE-2008-2316", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-08-01T14:41:00.000", "references": [{"url": "http://bugs.gentoo.org/attachment.cgi?id=159422&action=view", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://bugs.gentoo.org/show_bug.cgi?id=230640", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html", "tags": ["Mailing List"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31305", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31332", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31358", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31365", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31473", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31518", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31687", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/33937", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-200807-16.xml", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://support.apple.com/kb/HT3438", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0243", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:163", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/495445/100/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/30491", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/usn-632-1", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/2288", "tags": ["Broken Link", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44173", "tags": ["VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44174", "tags": ["VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-189"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to \"partial hashlib hashing of data exceeding 4GB.\""}, {"lang": "es", "value": "Desbordamiento de entero en _hashopenssl.c en el m\u00f3dulo hashlib en Python 2.5.2 y anteriores. Podr\u00eda permitir a atacantes dependientes del contexto vencer res\u00famenes criptogr\u00e1ficos, relativos a \"comprobaci\u00f3n parcial hashlib de datos que exceden de 4GB.\""}], "lastModified": "2023-08-02T18:52:37.870", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E0806D1-04EA-492A-8587-1886F47ECC80", "versionEndIncluding": "2.5.2"}], "operator": "OR"}]}], "vendorComments": [{"comment": "Not vulnerable. This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Affected module was only introduced upstream in python 2.5.", "lastModified": "2008-08-04T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "cve@mitre.org"}