Integer overflow in Python - CVE-2008-2315

 

Integer overflow in Python - CVE-2008-2315

Published: August 2, 2023 / Updated: June 3, 2025


Vulnerability identifier: #VU110163
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2008-2315
CWE-ID: CWE-190
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Python.org
Affected software:
Python

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.


How to mitigate CVE-2008-2315

Install update from vendor's website.

Sources